CVE-2020-1815
https://notcve.org/view.php?id=CVE-2020-1815
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de pérdida de memoria. El software no rastrea y libera suficientemente la memoria asignada mientras analiza determinado mensaje, el atacante envía el mensaje continuamente que podría consumir la memoria restante. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-1827
https://notcve.org/view.php?id=CVE-2020-1827
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00SPC100, presentan una vulnerabilidad de fuga de información. Un atacante puede explotar esta vulnerabilidad mediante el envío de paquetes de petición específicos hacia los dispositivos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-ipsec-en • CWE-404: Improper Resource Shutdown or Release •
CVE-2020-1829
https://notcve.org/view.php?id=CVE-2020-1829
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Huawei NIP6800 versiones V500R001C30 y V500R001C60SPC500; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600 y V500R001C60SPC500, presentan una vulnerabilidad de que el módulo IPSec maneja un mensaje inapropiadamente. Los atacantes pueden enviar mensajes específicos para causar una doble liberación de memoria. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-ipsec-en • CWE-415: Double Free •
CVE-2020-1857
https://notcve.org/view.php?id=CVE-2020-1857
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00SPC100, presentan una vulnerabilidad de fuga de información. Debido a un procesamiento inapropiado de algunos datos, un atacante autenticado local puede explotar esta vulnerabilidad por medio de una serie de operaciones. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-leakage-en •
CVE-2020-1828
https://notcve.org/view.php?id=CVE-2020-1828
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de comprobación de entrada donde el módulo IPSec no comprueba un campo en un mensaje específico. Los atacantes pueden enviar mensajes específicos para causar una lectura fuera de límite, comprometiendo el servicio normal. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •