cnvd - cnvd-2020-22004

CNVD-2020-22004

Vulnerability from cnvd - Published: 2020-04-09

Title

Huawei NIP6800，Secospace USG6600和USG9500越界写入漏洞

Description

Huawei USG9500等都是中国华为（Huawei）公司的产品。USG9500是一款数据中心防火墙产品。NIP6800是一套入侵防御系统。USG6600是一款数据中防火墙产品。 Huawei NIP6800，Secospace USG6600和USG9500中存在越界写入漏洞，未经认证的远程攻击者可通过向目标产品发送特定参数的报文利用该漏洞导致设备复位。

Severity

中

Patch Name

Huawei NIP6800，Secospace USG6600和USG9500越界写入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-cn

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-1876

Impacted products

Name
['Huawei USG9500 V500R001C30SPC200', 'Huawei USG9500 V500R001C30SPC600', 'Huawei USG9500 V500R001C60SPC500', 'Huawei NIP6800 V500R005C00', 'Huawei USG9500 V500R005C00', 'Huawei Secospace USG6600 V500R005C00', 'Huawei Secospace USG6600 V500R001C60SPC500', 'Huawei Secospace USG6600 V500R001C30SPC600', 'Huawei NIP6800 V500R001C30', 'Huawei NIP6800 V500R001C60SPC500']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1876"
    }
  },
  "description": "Huawei USG9500\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002USG9500\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u5fc3\u9632\u706b\u5899\u4ea7\u54c1\u3002NIP6800\u662f\u4e00\u5957\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\u3002USG6600\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u9632\u706b\u5899\u4ea7\u54c1\u3002\n\nHuawei NIP6800\uff0cSecospace USG6600\u548cUSG9500\u4e2d\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u76ee\u6807\u4ea7\u54c1\u53d1\u9001\u7279\u5b9a\u53c2\u6570\u7684\u62a5\u6587\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u590d\u4f4d\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22004",
  "openTime": "2020-04-09",
  "patchDescription": "Huawei USG9500\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002USG9500\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u5fc3\u9632\u706b\u5899\u4ea7\u54c1\u3002NIP6800\u662f\u4e00\u5957\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\u3002USG6600\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u9632\u706b\u5899\u4ea7\u54c1\u3002\r\n\r\nHuawei NIP6800\uff0cSecospace USG6600\u548cUSG9500\u4e2d\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u76ee\u6807\u4ea7\u54c1\u53d1\u9001\u7279\u5b9a\u53c2\u6570\u7684\u62a5\u6587\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u590d\u4f4d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei NIP6800\uff0cSecospace USG6600\u548cUSG9500\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei USG9500 V500R001C30SPC200",
      "Huawei USG9500 V500R001C30SPC600",
      "Huawei USG9500 V500R001C60SPC500",
      "Huawei NIP6800 V500R005C00",
      "Huawei USG9500 V500R005C00",
      "Huawei Secospace USG6600 V500R005C00",
      "Huawei Secospace USG6600 V500R001C60SPC500",
      "Huawei Secospace USG6600 V500R001C30SPC600",
      "Huawei NIP6800 V500R001C30",
      "Huawei NIP6800 V500R001C60SPC500"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1876",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-20",
  "title": "Huawei NIP6800\uff0cSecospace USG6600\u548cUSG9500\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e"
}

CVE-2020-1876 (GCVE-0-2020-1876)

Vulnerability from cvelistv5 – Published: 2020-02-28 18:42 – Updated: 2024-08-04 06:53

Summary

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot.

Severity ?

No CVSS data available.

CWE

Out-of-bounds Write

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	NIP6800;Secospace USG6600;USG9500	Affected: V500R001C30,V500R001C60SPC500,V500R005C00 Affected: V500R001C30SPC600,V500R001C60SPC500,V500R005C00 Affected: V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:53:58.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NIP6800;Secospace USG6600;USG9500",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30,V500R001C60SPC500,V500R005C00"
            },
            {
              "status": "affected",
              "version": "V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
            },
            {
              "status": "affected",
              "version": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-28T18:42:04",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1876",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NIP6800;Secospace USG6600;USG9500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00"
                          },
                          {
                            "version_value": "V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
                          },
                          {
                            "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1876",
    "datePublished": "2020-02-28T18:42:04",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:53:58.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-22004

CVE-2020-1876 (GCVE-0-2020-1876)

Tags

Sightings

Nomenclature