CVE-2020-9201

{"id": "CVE-2020-9201", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-12-24T16:15:16.147", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-04-eudemon-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-04-eudemon-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en algunas versiones de NIP6800, Secospace USG6600 y USG9500. El software lee los datos m\u00e1s all\u00e1 del final del b\u00fafer previsto cuando se analizan los mensajes DHCP, incluyendo el par\u00e1metro dise\u00f1ado. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar un servicio anormal"}], "lastModified": "2024-11-21T05:40:09.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B3D681F-E141-4BB1-9437-8BFE286CB164"}, {"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c60spc500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38F1E7A-0347-4E45-A0B6-CB8CE0D8A07E"}, {"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6FCA659-5DF8-44EA-91B6-A80FBB68322A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "875441DD-575F-4F4D-A6BD-23C38641D330"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA7BE1F-853E-4CBA-8A90-BAEA0BCC6A97"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B80E521E-1BFB-405E-9F8E-4A0734731FD0"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60spc500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5226BD96-2B00-469B-AADD-CD0541610BBD"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "391BFC6B-9AE6-49D7-855A-CB94AD1EE5C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0BF5257-8CD1-4951-9C53-07B85D468F8B"}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E2CDEF7-F8C8-482E-B43D-DB3F0CE010F8"}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A1EFB9D-5349-4EAF-9880-34F0D20011E4"}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E961C6AA-400A-41CF-A230-FE7182875F1F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}