CVE-2020-1828

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:nip6800_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6800_firmware:v500r001c60spc500:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc200:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc600:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60spc500:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:*:*:*:*:*:*:*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:*:*:*:*:*:*:*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:*:*:*:*:*:*:*
cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

Information

Published : 2020-02-17 12:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-1828

Mitre link : CVE-2020-1828


JSON object : View

CWE
CWE-125

Out-of-bounds Read

CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

huawei

  • secospace_usg6600
  • usg9500
  • nip6800
  • nip6800_firmware
  • usg9500_firmware
  • secospace_usg6600_firmware