Vulnerabilities > CVE-2020-1866 - Out-of-bounds Read vulnerability in Huawei products

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

huawei

CWE-125

NVD

Published: 2021-01-13

Updated: 2021-01-19

Summary

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Nip6800 Firmware V500R001C30 Huawei Nip6800 Firmware V500R001C60Spc500 Huawei Nip6800 Firmware V500R005C00 Huawei S12700 Firmware V200R008C00 Huawei S2700 Firmware V200R008C00 Huawei S5700 Firmware V200R008C00 Huawei S6700 Firmware V200R008C00 Huawei S7700 Firmware V200R008C00 Huawei S9700 Firmware V200R008C00 Huawei Secospace Usg6600 Firmware V500R001C30Spc200 Huawei Secospace Usg6600 Firmware V500R001C30Spc600 Huawei Secospace Usg6600 Firmware V500R001C60Spc500 Huawei Secospace Usg6600 Firmware V500R005C00 Huawei Usg9500 Firmware V500R001C30Spc300 Huawei Usg9500 Firmware V500R001C30Spc600 Huawei Usg9500 Firmware V500R001C60Spc500 Huawei Usg9500 Firmware V500R005C00	17
Hardware	Huawei Huawei Nip6800 - Huawei S12700 - Huawei S2700 - Huawei S5700 - Huawei S6700 - Huawei S7700 - Huawei S9700 - Huawei Secospace Usg6600 - Huawei Usg9500 -	9

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en