Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Filtered by product Secospace Usg6600 Firmware
Total 81 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1866 1 Huawei 18 Nip6800, Nip6800 Firmware, S12700 and 15 more 2024-11-21 3.3 LOW 6.5 MEDIUM
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.
CVE-2020-1860 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.
CVE-2020-1858 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. Successful exploit may cause the new connections can't be established, result in a denial of service.
CVE-2020-1857 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.
CVE-2020-1856 1 Huawei 12 Ngfw Module, Ngfw Module Firmware, Nip6300 and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.
CVE-2020-1847 1 Huawei 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.
CVE-2020-1830 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service.
CVE-2020-1829 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service.
CVE-2020-1828 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.
CVE-2020-1827 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.
CVE-2020-1816 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 4.3 MEDIUM 7.5 HIGH
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device abnormal.
CVE-2020-1815 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 4.3 MEDIUM 7.5 HIGH
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust.
CVE-2020-1814 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-11-21 3.5 LOW 5.3 MEDIUM
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.
CVE-2019-5304 1 Huawei 52 Ar120-s, Ar120-s Firmware, Ar1200 and 49 more 2024-11-21 7.8 HIGH 7.5 HIGH
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
CVE-2019-5258 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.
CVE-2019-5257 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network.
CVE-2019-5256 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot.
CVE-2019-5255 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service.
CVE-2019-5254 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-11-21 5.0 MEDIUM 8.6 HIGH
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.
CVE-2019-19417 1 Huawei 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.