Vulnerabilities > Huawei > Secospace Usg6600 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-08 CVE-2020-9099 Improper Authentication vulnerability in Huawei products
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability.
network
low complexity
huawei CWE-287
7.5
7.5
2020-02-28 CVE-2020-1873 Out-of-bounds Read vulnerability in Huawei products
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability.
network
low complexity
huawei CWE-125
7.8
7.8
2020-01-03 CVE-2019-5304 Classic Buffer Overflow vulnerability in Huawei products
Some Huawei products have a buffer error vulnerability.
network
low complexity
huawei CWE-120
7.8
7.8
2018-02-15 CVE-2017-15348 Improper Input Validation vulnerability in Huawei products
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability.
network
low complexity
huawei CWE-20
7.8
7.8
2017-04-02 CVE-2016-8795 Integer Overflow or Wraparound vulnerability in Huawei products
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset.
network
huawei CWE-190
7.1
7.1
2016-05-23 CVE-2016-4576 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products
Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."
network
low complexity
huawei CWE-119
7.5
7.5