CVE-2020-9098

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en	Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:oceanstor_5310_firmware:v500r007c60spc100:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_5310:v5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-30 22:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-9098

Mitre link : CVE-2020-9098

CVE.ORG link : CVE-2020-9098

JSON object : View

Products Affected

huawei

oceanstor_5310_firmware
oceanstor_5310

CWE

CWE-763

Release of Invalid Pointer or Reference

{"id": "CVE-2020-9098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-04-30T22:15:12.293", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-763"}]}], "descriptions": [{"lang": "en", "value": "Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot."}, {"lang": "es", "value": "El producto Huawei OceanStor 5310 con versi\u00f3n V500R007C60SPC100, tiene una vulnerabilidad de acceso de puntero no v\u00e1lido. El sistema de software accede a un puntero no v\u00e1lido al momento de un paquete malformado por el atacante. Debido a la comprobaci\u00f3n insuficiente de alg\u00fan par\u00e1metro, una explotaci\u00f3n con \u00e9xito podr\u00eda causar el reinicio del dispositivo."}], "lastModified": "2020-05-05T19:01:57.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_5310_firmware:v500r007c60spc100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58CACDE1-B634-4617-9C06-CEF8C15560E0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_5310:v5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0349C9CD-761C-4B24-92A7-9BDA5566C493"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}