CVE-2020-9067

{"id": "CVE-2020-9067", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2020-04-02T21:15:13.927", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en algunos productos Huawei. Un atacante puede explotar la vulnerabilidad para llevar a cabo una ejecuci\u00f3n de c\u00f3digo remota en los productos afectados cuando el producto afectado funciona como un terminal de l\u00ednea \u00f3ptica (OLT). Las versiones de productos afectados incluyen: SmartAX MA5600T versiones V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versiones V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versiones V100R018C00, V100R018C10, V100R019C10."}], "lastModified": "2020-04-03T20:56:25.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r013c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A164C700-0C00-4536-9DC7-28212B3A578D"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE95BA25-1998-422B-AC3D-8EF1A60C8564"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DC8A216-F784-4038-8A8E-2118D81ABD76"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBEE3413-8909-48D1-94AA-6EBAAA40CEE0"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E713F2DA-18E2-4CAF-8972-DF742627BBB7"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0608D68B-B4A6-4B83-B6ED-8A892AA38605"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC87D54-20D5-49C7-8698-297617ECA6D1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:smartax_ma5600t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14106F76-4E6B-4377-ACFC-FDE6C3DB8FA8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78BD802F-5A10-42A4-AE67-F28A70DA1468"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9248DC4A-07C7-446F-A95D-C4CEC1BFA7A1"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D08191BA-E7E6-402F-8653-70A9044607D4"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B653563E-34ED-49E1-B79C-2074BA426BF2"}, {"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r019c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FF7926F-0868-41A9-BFB9-25A65982D06F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:smartax_ma5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E647FBD-CD79-442B-AAC5-64A2419BBD76"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "019082B0-5A44-4655-91CC-C4C945CEE9B3"}, {"criteria": "cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92096DD2-2E6D-4344-ABEF-E32360C9FE92"}, {"criteria": "cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r019c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEEB7EF9-0C90-4499-BE9D-2C649FA12572"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:smartax_ea5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7598F036-E6B9-4552-B79F-800417F94CFD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}