CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-1876
https://notcve.org/view.php?id=CVE-2020-1876
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. NIP6800; Secospace USG6600; USG9500 con versiones de V500R001C30; V500R001C60SPC500; V500R005C00SPC100, presentan una vulnerabilidad de escritura fuera de límites. Un atacante no autenticado diseña paquetes malformados con un parámetro específico y los envía hacia los productos afectados. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-1860
https://notcve.org/view.php?id=CVE-2020-1860
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet. Los productos NIP6800; Secospace USG6600; USG9500 con versiones de V500R001C30; V500R001C60SPC500; V500R005C00SPC100, presentan una vulnerabilidad de omisión del control de acceso. Los atacantes que pueden acceder a la red interna pueden explotar esta vulnerabilidad con una implementación cuidadosa. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1814
https://notcve.org/view.php?id=CVE-2020-1814
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de desreferencia del puntero Dangling. Un atacante autenticado puede llevar a cabo algunas operaciones especiales en los productos afectados en algunos escenarios especiales para explotar está vulnerabilidad. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-firewall-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1830
https://notcve.org/view.php?id=CVE-2020-1830
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad en la que ocurre un error de administración de memoria cuando el Módulo IPSec maneja un mensaje específico. Esto causa una lectura fuera de límite de 1 byte, comprometiendo el servicio normal. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-04-ipsec-en • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1816
https://notcve.org/view.php?id=CVE-2020-1816
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device abnormal. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de Denegación de Servicio (DoS). Debido a un procesamiento inapropiado de paquetes IPSEC específicos, un atacante remoto puede enviar paquetes IPSEC construidos hacia los dispositivos afectados para explotar esta vulnerabilidad. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en •