cnvd - cnvd-2020-36731

CNVD-2020-36731

Vulnerability from cnvd - Published: 2020-07-07

Title

Huawei NIP6800、Secospace USG6600和USG9500 IPSec模块越界读漏洞

Description

Huawei USG9500等都是中国华为（Huawei）公司的产品。USG9500是一款数据中心防火墙产品。NIP6800是一套入侵防御系统。USG6600是一款数据中防火墙产品。 Huawei NIP6800、Secospace USG6600和USG9500中的IPSec模块存在安全漏洞。攻击者可通过恶意构造报文利用该漏洞导致设备内存读越界，影响功能正常使用。

Severity

中

Patch Name

Huawei NIP6800、Secospace USG6600和USG9500 IPSec模块越界读漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-01-ipsec-cn

Reference

https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-01-ipsec-cn

Impacted products

Name
['Huawei USG9500 V500R001C30SPC200', 'Huawei USG9500 V500R001C30SPC600', 'Huawei USG9500 V500R001C60SPC500', 'Huawei USG9500 V500R005C00', 'Huawei Secospace USG6600 V500R005C00', 'Huawei Secospace USG6600 V500R001C60SPC500', 'Huawei Secospace USG6600 V500R001C30SPC600', 'Huawei Secospace USG6600 V500R001C30SPC200', 'Huawei NIP6800 V500R001C30', 'Huawei NIP6800 V500R001C60SPC500', 'Huawei NIP6800 V500R005C00']

Name

['Huawei USG9500 V500R001C30SPC200', 'Huawei USG9500 V500R001C30SPC600', 'Huawei USG9500 V500R001C60SPC500', 'Huawei USG9500 V500R005C00', 'Huawei Secospace USG6600 V500R005C00', 'Huawei Secospace USG6600 V500R001C60SPC500', 'Huawei Secospace USG6600 V500R001C30SPC600', 'Huawei Secospace USG6600 V500R001C30SPC200', 'Huawei NIP6800 V500R001C30', 'Huawei NIP6800 V500R001C60SPC500', 'Huawei NIP6800 V500R005C00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1828",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-1828"
    }
  },
  "description": "Huawei USG9500\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002USG9500\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u5fc3\u9632\u706b\u5899\u4ea7\u54c1\u3002NIP6800\u662f\u4e00\u5957\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\u3002USG6600\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u9632\u706b\u5899\u4ea7\u54c1\u3002\n\nHuawei NIP6800\u3001Secospace USG6600\u548cUSG9500\u4e2d\u7684IPSec\u6a21\u5757\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6076\u610f\u6784\u9020\u62a5\u6587\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5185\u5b58\u8bfb\u8d8a\u754c\uff0c\u5f71\u54cd\u529f\u80fd\u6b63\u5e38\u4f7f\u7528\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-01-ipsec-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-36731",
  "openTime": "2020-07-07",
  "patchDescription": "Huawei USG9500\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002USG9500\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u5fc3\u9632\u706b\u5899\u4ea7\u54c1\u3002NIP6800\u662f\u4e00\u5957\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\u3002USG6600\u662f\u4e00\u6b3e\u6570\u636e\u4e2d\u9632\u706b\u5899\u4ea7\u54c1\u3002\r\n\r\nHuawei NIP6800\u3001Secospace USG6600\u548cUSG9500\u4e2d\u7684IPSec\u6a21\u5757\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6076\u610f\u6784\u9020\u62a5\u6587\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5185\u5b58\u8bfb\u8d8a\u754c\uff0c\u5f71\u54cd\u529f\u80fd\u6b63\u5e38\u4f7f\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei NIP6800\u3001Secospace USG6600\u548cUSG9500 IPSec\u6a21\u5757\u8d8a\u754c\u8bfb\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei USG9500 V500R001C30SPC200",
      "Huawei USG9500 V500R001C30SPC600",
      "Huawei USG9500 V500R001C60SPC500",
      "Huawei USG9500 V500R005C00",
      "Huawei Secospace USG6600 V500R005C00",
      "Huawei Secospace USG6600 V500R001C60SPC500",
      "Huawei Secospace USG6600 V500R001C30SPC600",
      "Huawei Secospace USG6600 V500R001C30SPC200",
      "Huawei NIP6800 V500R001C30",
      "Huawei NIP6800 V500R001C60SPC500",
      "Huawei NIP6800 V500R005C00"
    ]
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-01-ipsec-cn",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-17",
  "title": "Huawei NIP6800\u3001Secospace USG6600\u548cUSG9500 IPSec\u6a21\u5757\u8d8a\u754c\u8bfb\u6f0f\u6d1e"
}

CVE-2020-1828 (GCVE-0-2020-1828)

Vulnerability from cvelistv5 – Published: 2020-02-17 19:49 – Updated: 2024-08-04 06:46

Summary

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.

Severity ?

No CVSS data available.

CWE

Input Validation

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Huawei

NIP6800

Affected: V500R001C30
Affected: V500R001C60SPC500
Affected: V500R005C00

	Huawei	Secospace USG6600	Affected: V500R001C30SPC200 Affected: V500R001C30SPC600 Affected: V500R001C60SPC500 Affected: V500R005C00
	Huawei	USG9500	Affected: V500R001C30SPC200 Affected: V500R001C30SPC600 Affected: V500R001C60SPC500 Affected: V500R005C00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NIP6800",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R001C60SPC500"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "product": "Secospace USG6600",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30SPC200"
            },
            {
              "status": "affected",
              "version": "V500R001C30SPC600"
            },
            {
              "status": "affected",
              "version": "V500R001C60SPC500"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "product": "USG9500",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30SPC200"
            },
            {
              "status": "affected",
              "version": "V500R001C30SPC600"
            },
            {
              "status": "affected",
              "version": "V500R001C60SPC500"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-17T19:49:51",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1828",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NIP6800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V500R001C30"
                          },
                          {
                            "version_value": "V500R001C60SPC500"
                          },
                          {
                            "version_value": "V500R005C00"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Secospace USG6600",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V500R001C30SPC200"
                          },
                          {
                            "version_value": "V500R001C30SPC600"
                          },
                          {
                            "version_value": "V500R001C60SPC500"
                          },
                          {
                            "version_value": "V500R005C00"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "USG9500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V500R001C30SPC200"
                          },
                          {
                            "version_value": "V500R001C30SPC600"
                          },
                          {
                            "version_value": "V500R001C60SPC500"
                          },
                          {
                            "version_value": "V500R005C00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1828",
    "datePublished": "2020-02-17T19:49:51",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:46:30.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-36731

CVE-2020-1828 (GCVE-0-2020-1828)

Tags

Sightings

Nomenclature