CVE-2020-1823

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:::::::*
	cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-28 07:15

Updated : 2025-01-13 18:39

NVD link : CVE-2020-1823

Mitre link : CVE-2020-1823

CVE.ORG link : CVE-2020-1823

JSON object : View

Products Affected

huawei

nip6600_firmware
ngfw_module_firmware
ips_module_firmware
nip6300
secospace_usg6300_firmware
secospace_usg6500_firmware
usg6000v
secospace_usg6600_firmware
nip6800_firmware
nip6300_firmware
secospace_usg6500
usg6000v_firmware
ips_module
nip6600
secospace_usg6300
secospace_usg6600
ngfw_module
nip6800

CWE

CWE-125

Out-of-bounds Read

3.7 /10