CVE-2020-1816
https://notcve.org/view.php?id=CVE-2020-1816
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device abnormal. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de Denegación de Servicio (DoS). Debido a un procesamiento inapropiado de paquetes IPSEC específicos, un atacante remoto puede enviar paquetes IPSEC construidos hacia los dispositivos afectados para explotar esta vulnerabilidad. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en •
CVE-2020-1815
https://notcve.org/view.php?id=CVE-2020-1815
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00; Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00, presentan una vulnerabilidad de pérdida de memoria. El software no rastrea y libera suficientemente la memoria asignada mientras analiza determinado mensaje, el atacante envía el mensaje continuamente que podría consumir la memoria restante. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-1827
https://notcve.org/view.php?id=CVE-2020-1827
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Huawei NIP6800 versiones V500R001C30, V500R001C60SPC500 y V500R005C00SPC100; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500 y V500R005C00SPC100, presentan una vulnerabilidad de fuga de información. Un atacante puede explotar esta vulnerabilidad mediante el envío de paquetes de petición específicos hacia los dispositivos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-ipsec-en • CWE-404: Improper Resource Shutdown or Release •
CVE-2020-1856
https://notcve.org/view.php?id=CVE-2020-1856
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Los módulos Huawei NGFW, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600 y USG9500 versiones V500R001C30, V500R001C60 y V500R005C00, presentan una vulnerabilidad de fuga de información. Un atacante puede explotar esta vulnerabilidad mediante el envío de paquetes de peticiones específicos hacia los dispositivos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en •
CVE-2020-1829
https://notcve.org/view.php?id=CVE-2020-1829
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Huawei NIP6800 versiones V500R001C30 y V500R001C60SPC500; y Secospace USG6600 y USG9500 versiones V500R001C30SPC200, V500R001C30SPC600 y V500R001C60SPC500, presentan una vulnerabilidad de que el módulo IPSec maneja un mensaje inapropiadamente. Los atacantes pueden enviar mensajes específicos para causar una doble liberación de memoria. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-ipsec-en • CWE-415: Double Free •