CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1814
https://notcve.org/view.php?id=CVE-2020-1814
18 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some servic... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-firewall-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1830
https://notcve.org/view.php?id=CVE-2020-1830
17 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-04-ipsec-en • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1816
https://notcve.org/view.php?id=CVE-2020-1816
17 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device abnormal. Huawei NIP6800 versiones V500R001C30, V50... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1815
https://notcve.org/view.php?id=CVE-2020-1815
17 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1827
https://notcve.org/view.php?id=CVE-2020-1827
17 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; y Secospace USG6600 y USG9500 versiones... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-ipsec-en • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-1856
https://notcve.org/view.php?id=CVE-2020-1856
17 Feb 2020 — Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Los módulos Huawei NGFW, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600 y USG9500 versiones V500R001C30, V500R001C60 y V500R005C00, presentan una vulnerabilidad de fuga d... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-1829
https://notcve.org/view.php?id=CVE-2020-1829
17 Feb 2020 — Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Huawei NIP6800 versiones V500R001C30 y V500R001C60SPC500; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600 y V500R001C60SPC500, presentan una vulner... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-ipsec-en • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1857
https://notcve.org/view.php?id=CVE-2020-1857
17 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; y... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-leakage-en •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1828
https://notcve.org/view.php?id=CVE-2020-1828
17 Feb 2020 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; y Secospace USG6600 y USG9500 versiones V500R001... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1858
https://notcve.org/view.php?id=CVE-2020-1858
17 Feb 2020 — Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. Successful exploit may cause the new connections can't be established, result in a denial of service. Los Product... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-dos-en •