Vulnerabilities > CVE-2020-1875 - Access of Uninitialized Pointer vulnerability in Huawei products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

huawei

CWE-824

NVD

Published: 2020-02-28

Updated: 2020-03-04

Summary

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500;USG9500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Nip6800 Firmware V500R001C30 Huawei Nip6800 Firmware V500R001C60Spc500 Huawei Secospace Usg6600 Firmware V500R001C30Spc200 Huawei Secospace Usg6600 Firmware V500R001C30Spc600 Huawei Secospace Usg6600 Firmware V500R001C60Spc500 Huawei Usg9500 Firmware V500R001C30Spc200 Huawei Usg9500 Firmware V500R001C30Spc600 Huawei Usg9500 Firmware V500R001C60Spc500	8
Hardware	Huawei Huawei Nip6800 - Huawei Secospace Usg6600 - Huawei Usg9500 -	3

Common Weakness Enumeration (CWE)

CWE-824 - Access of Uninitialized Pointer

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-wildpointer-en