CVE-2020-1824

Published: Dic 28, 2024 Last Modified: Gen 13, 2025 EU-VD ID: EUVD-2020-12650 Aliases: GSD-2020-1824
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low

Description

AI Translation Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)

The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0010
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

125

Out-of-bounds Read

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Availability Other
Potential Impacts:
Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Technologies: ICS/OT
View CWE Details
Operating System

Ips Module Firmware by Huawei

Product Information
Vendor Huawei
Product Ips Module Firmware
Version v500r001c30
cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6300 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6300 Firmware
Version v500r001c30
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6600 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6600 Firmware
Version v500r005c00
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ngfw Module Firmware by Huawei

Product Information
Vendor Huawei
Product Ngfw Module Firmware
Version v500r002c20
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ips Module Firmware by Huawei

Product Information
Vendor Huawei
Product Ips Module Firmware
Version v500r005c00
cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6500 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6500 Firmware
Version v500r001c30
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6300 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6300 Firmware
Version v500r005c00
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6500 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6500 Firmware
Version v500r001c60
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6300 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6300 Firmware
Version v500r001c30
cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Usg6000V Firmware by Huawei

Product Information
Vendor Huawei
Product Usg6000V Firmware
Version v500r003c00
cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6600 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6600 Firmware
Version v500r001c60
cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6600 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6600 Firmware
Version v500r001c30
cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6600 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6600 Firmware
Version v500r005c00
cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ngfw Module Firmware by Huawei

Product Information
Vendor Huawei
Product Ngfw Module Firmware
Version v500r005c00
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6300 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6300 Firmware
Version v500r001c60
cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6300 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6300 Firmware
Version v500r005c00
cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6600 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6600 Firmware
Version v500r001c30
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6500 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6500 Firmware
Version v500r005c00
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6800 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6800 Firmware
Version v500r005c00
cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nip6800 Firmware by Huawei

Product Information
Vendor Huawei
Product Nip6800 Firmware
Version v500r001c60
cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ips Module Firmware by Huawei

Product Information
Vendor Huawei
Product Ips Module Firmware
Version v500r001c60
cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Secospace Usg6300 Firmware by Huawei

Product Information
Vendor Huawei
Product Secospace Usg6300 Firmware
Version v500r001c60
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ngfw Module Firmware by Huawei

Product Information
Vendor Huawei
Product Ngfw Module Firmware
Version v500r002c00
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.huawei.com/en/psirt/security-advisories/2020/hu…
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-…