cve-2020-1823
Vulnerability from cvelistv5
Published
2024-12-28 06:29
Modified
2024-12-28 16:33
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.
References
psirt@huawei.comhttps://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-enVendor Advisory
Impacted products
Vendor Product Version
Huawei NGFW Module Version: V500R002C00
Version: V500R002C20
Version: V500R005C00
Huawei NIP6300 Version: V500R001C30
Version: V500R001C60
Version: V500R005C00
Huawei NIP6600 Version: V500R001C30
Version: V500R001C60
Version: V500R005C00
Huawei NIP6800 Version: V500R001C60
Version: V500R005C00
Huawei Secospace USG6300 Version: V500R001C30
Version: V500R001C60
Version: V500R005C00
Huawei Secospace USG6500 Version: V500R001C30
Version: V500R001C60
Version: V500R005C00
Huawei Secospace USG6600 Version: V500R001C30
Version: V500R005C00
Huawei USG6000V Version: V500R003C00
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-1823",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-28T16:33:21.089526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T16:33:45.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IPS Module",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NGFW Module",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R002C00"
            },
            {
              "status": "affected",
              "version": "V500R002C20"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NIP6300",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NIP6600",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NIP6800",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Secospace USG6300",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Secospace USG6500",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Secospace USG6600",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "USG6000V",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "V500R003C00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\u003c/p\u003e\u003cp\u003eThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.\u003c/p\u003e"
            }
          ],
          "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-28T06:29:49.051Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1823",
    "datePublished": "2024-12-28T06:29:49.051Z",
    "dateReserved": "2019-11-29T00:00:00.000Z",
    "dateUpdated": "2024-12-28T16:33:45.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"074FE8AB-6BE1-4E77-84E2-1D5C7205D0E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC0C5A24-3F4E-4F1F-BC3C-7DC6707712CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60A9007D-D6AD-4DB9-A0AC-1E400AEC0884\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BAD43A3-730A-4ABC-89F0-DF93A06AA60F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F46A81BE-C125-4CAE-8EE1-23177FE0C21E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5524ABE8-D4C4-4BCC-BB57-D1E47480330D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D57DC59-B234-463F-8BBD-631B7EE9928C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"547D4A9A-6B57-4BBA-9FFE-CF50B9AC5DF4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"728A7B78-6E19-4656-848F-269DB955070C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A26FE369-FDB8-4425-B51A-465A41FECE7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3462B41-1DC4-4451-9575-F81C52F7A23C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E054182-CE33-45E3-8595-159A75BA5162\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"946F5FF7-412F-40F9-A492-DE8E11E7B919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90C480FB-4D2C-49ED-A635-8B7BEFD95193\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AC093ED-A979-4484-B758-1C16DF2D6030\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE8CA649-7AE1-497C-869B-B4DD315F342C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7EE3877-6344-466D-90B0-68CF4A53A256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6FCA659-5DF8-44EA-91B6-A80FBB68322A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"875441DD-575F-4F4D-A6BD-23C38641D330\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A8AEAB1-6106-47A2-8207-67E557A8BF80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDD7E147-B39E-4C6F-BA5F-F046F3AE4728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68E9D32D-46F1-495B-BF83-308DFF8822F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C281B511-7A27-4FC6-9427-AE5AD7C302F3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"627F40B6-8CD1-47EE-8937-F1FAAAB86F0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EE084FC-27EB-4CE6-B529-508DA690C9D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6C14DF5-42F7-470F-B3DD-52B5A0770EC0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"391BFC6B-9AE6-49D7-855A-CB94AD1EE5C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE469876-F873-4705-9760-097AE840A818\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"778A61F5-661E-4B41-B08D-C623957BEEE9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88E8A1C0-CD02-4D4E-8DFC-0E03CF914C68\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\\n\\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.\"}, {\"lang\": \"es\", \"value\": \"Existen m\\u00faltiples vulnerabilidades de lectura fuera de los l\\u00edmites (OOB) en la implementaci\\u00f3n del protocolo Common Open Policy Service (COPS) de algunos productos Huawei. La funci\\u00f3n de decodificaci\\u00f3n espec\\u00edfica puede realizar una lectura fuera de los l\\u00edmites cuando se procesa un paquete de datos entrante. La explotaci\\u00f3n exitosa de estas vulnerabilidades puede interrumpir el servicio en el dispositivo afectado. (ID de vulnerabilidad: HWPSIRT-2018-12275, HWPSIRT-2018-12276, HWPSIRT-2018-12277, HWPSIRT-2018-12278, HWPSIRT-2018-12279, HWPSIRT-2018-12280 y HWPSIRT-2018-12289) A las siete vulnerabilidades se les han asignado siete identificadores de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 y CVE-2020-1824.\"}]",
      "id": "CVE-2020-1823",
      "lastModified": "2025-01-13T18:39:37.540",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@huawei.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-12-28T07:15:18.357",
      "references": "[{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"psirt@huawei.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1823\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2024-12-28T07:15:18.357\",\"lastModified\":\"2025-01-13T18:39:37.540\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\\n\\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.\"},{\"lang\":\"es\",\"value\":\"Existen m\u00faltiples vulnerabilidades de lectura fuera de los l\u00edmites (OOB) en la implementaci\u00f3n del protocolo Common Open Policy Service (COPS) de algunos productos Huawei. La funci\u00f3n de decodificaci\u00f3n espec\u00edfica puede realizar una lectura fuera de los l\u00edmites cuando se procesa un paquete de datos entrante. La explotaci\u00f3n exitosa de estas vulnerabilidades puede interrumpir el servicio en el dispositivo afectado. (ID de vulnerabilidad: HWPSIRT-2018-12275, HWPSIRT-2018-12276, HWPSIRT-2018-12277, HWPSIRT-2018-12278, HWPSIRT-2018-12279, HWPSIRT-2018-12280 y HWPSIRT-2018-12289) A las siete vulnerabilidades se les han asignado siete identificadores de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 y CVE-2020-1824.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@huawei.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@huawei.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"074FE8AB-6BE1-4E77-84E2-1D5C7205D0E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC0C5A24-3F4E-4F1F-BC3C-7DC6707712CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A9007D-D6AD-4DB9-A0AC-1E400AEC0884\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BAD43A3-730A-4ABC-89F0-DF93A06AA60F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F46A81BE-C125-4CAE-8EE1-23177FE0C21E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5524ABE8-D4C4-4BCC-BB57-D1E47480330D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D57DC59-B234-463F-8BBD-631B7EE9928C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"547D4A9A-6B57-4BBA-9FFE-CF50B9AC5DF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"728A7B78-6E19-4656-848F-269DB955070C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A26FE369-FDB8-4425-B51A-465A41FECE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3462B41-1DC4-4451-9575-F81C52F7A23C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E054182-CE33-45E3-8595-159A75BA5162\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"946F5FF7-412F-40F9-A492-DE8E11E7B919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90C480FB-4D2C-49ED-A635-8B7BEFD95193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC093ED-A979-4484-B758-1C16DF2D6030\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE8CA649-7AE1-497C-869B-B4DD315F342C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7EE3877-6344-466D-90B0-68CF4A53A256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6FCA659-5DF8-44EA-91B6-A80FBB68322A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"875441DD-575F-4F4D-A6BD-23C38641D330\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8AEAB1-6106-47A2-8207-67E557A8BF80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD7E147-B39E-4C6F-BA5F-F046F3AE4728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68E9D32D-46F1-495B-BF83-308DFF8822F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C281B511-7A27-4FC6-9427-AE5AD7C302F3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"627F40B6-8CD1-47EE-8937-F1FAAAB86F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE084FC-27EB-4CE6-B529-508DA690C9D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6C14DF5-42F7-470F-B3DD-52B5A0770EC0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"391BFC6B-9AE6-49D7-855A-CB94AD1EE5C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE469876-F873-4705-9760-097AE840A818\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778A61F5-661E-4B41-B08D-C623957BEEE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88E8A1C0-CD02-4D4E-8DFC-0E03CF914C68\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-1823\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-28T16:33:21.089526Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-28T16:33:40.854Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Huawei\", \"product\": \"IPS Module\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C30\"}, {\"status\": \"affected\", \"version\": \"V500R001C60\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"NGFW Module\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R002C00\"}, {\"status\": \"affected\", \"version\": \"V500R002C20\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"NIP6300\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C30\"}, {\"status\": \"affected\", \"version\": \"V500R001C60\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"NIP6600\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C30\"}, {\"status\": \"affected\", \"version\": \"V500R001C60\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"NIP6800\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C60\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"Secospace USG6300\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C30\"}, {\"status\": \"affected\", \"version\": \"V500R001C60\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"Secospace USG6500\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C30\"}, {\"status\": \"affected\", \"version\": \"V500R001C60\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"Secospace USG6600\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R001C30\"}, {\"status\": \"affected\", \"version\": \"V500R005C00\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"USG6000V\", \"versions\": [{\"status\": \"affected\", \"version\": \"V500R003C00\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\\n\\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThere are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\u003c/p\u003e\u003cp\u003eThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"shortName\": \"huawei\", \"dateUpdated\": \"2024-12-28T06:29:49.051Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-1823\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-28T16:33:45.933Z\", \"dateReserved\": \"2019-11-29T00:00:00.000Z\", \"assignerOrgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"datePublished\": \"2024-12-28T06:29:49.051Z\", \"assignerShortName\": \"huawei\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.