CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-1856
https://notcve.org/view.php?id=CVE-2020-1856
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Los módulos Huawei NGFW, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600 y USG9500 versiones V500R001C30, V500R001C60 y V500R005C00, presentan una vulnerabilidad de fuga de información. Un atacante puede explotar esta vulnerabilidad mediante el envío de paquetes de peticiones específicos hacia los dispositivos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-1829
https://notcve.org/view.php?id=CVE-2020-1829
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Huawei NIP6800 versiones V500R001C30 y V500R001C60SPC500; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600 y V500R001C60SPC500, presentan una vulnerabilidad de que el módulo IPSec maneja un mensaje inapropiadamente. Los atacantes pueden enviar mensajes específicos para causar una doble liberación de memoria. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-ipsec-en • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1857
https://notcve.org/view.php?id=CVE-2020-1857
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00SPC100, presentan una vulnerabilidad de fuga de información. Debido a un procesamiento inapropiado de algunos datos, un atacante autenticado local puede explotar esta vulnerabilidad por medio de una serie de operaciones. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-leakage-en •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1828
https://notcve.org/view.php?id=CVE-2020-1828
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de comprobación de entrada donde el módulo IPSec no comprueba un campo en un mensaje específico. Los atacantes pueden enviar mensajes específicos para causar una lectura fuera de límite, comprometiendo el servicio normal. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1858
https://notcve.org/view.php?id=CVE-2020-1858
Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. Successful exploit may cause the new connections can't be established, result in a denial of service. Los Productos de Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; Secospace USG6600 versiones V500R001C30SPC600, V500R001C60SPC500 y V500R005C00SPC100; y USG9500 versiones V500R001C30SPC600, V500R001C60SPC500 y V500R005C00SPC100, presentan una vulnerabilidad de denegación de servicio. Los atacantes necesitan llevar a cabo una serie de operaciones en un escenario especial para explotar esta vulnerabilidad. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-dos-en http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-04-dos-en •