Description
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)
The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.
The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | IPS Module | unaffected |
|
||||||||||||
| Huawei | NGFW Module | unaffected |
|
||||||||||||
| Huawei | NIP6300 | unaffected |
|
||||||||||||
| Huawei | NIP6600 | unaffected |
|
||||||||||||
| Huawei | NIP6800 | unaffected |
|
||||||||||||
| Huawei | Secospace USG6300 | unaffected |
|
||||||||||||
| Huawei | Secospace USG6500 | unaffected |
|
||||||||||||
| Huawei | Secospace USG6600 | unaffected |
|
||||||||||||
| Huawei | USG6000V | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2020-12646 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. |
References
History
Tue, 14 Jan 2025 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Huawei
Huawei ips Module Huawei ips Module Firmware Huawei ngfw Module Huawei ngfw Module Firmware Huawei nip6300 Huawei nip6300 Firmware Huawei nip6600 Huawei nip6600 Firmware Huawei nip6800 Huawei nip6800 Firmware Huawei secospace Usg6300 Huawei secospace Usg6300 Firmware Huawei secospace Usg6500 Huawei secospace Usg6500 Firmware Huawei secospace Usg6600 Huawei secospace Usg6600 Firmware Huawei usg6000v Huawei usg6000v Firmware |
|
| CPEs | cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:* cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:* cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:* cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:* cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:* cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:* cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:* cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:* |
|
| Vendors & Products |
Huawei
Huawei ips Module Huawei ips Module Firmware Huawei ngfw Module Huawei ngfw Module Firmware Huawei nip6300 Huawei nip6300 Firmware Huawei nip6600 Huawei nip6600 Firmware Huawei nip6800 Huawei nip6800 Firmware Huawei secospace Usg6300 Huawei secospace Usg6300 Firmware Huawei secospace Usg6500 Huawei secospace Usg6500 Firmware Huawei secospace Usg6600 Huawei secospace Usg6600 Firmware Huawei usg6000v Huawei usg6000v Firmware |
Tue, 31 Dec 2024 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 28 Dec 2024 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Huawei
Subscribe
Ips Module
Subscribe
Ips Module Firmware
Subscribe
Ngfw Module
Subscribe
Ngfw Module Firmware
Subscribe
Nip6300
Subscribe
Nip6300 Firmware
Subscribe
Nip6600
Subscribe
Nip6600 Firmware
Subscribe
Nip6800
Subscribe
Nip6800 Firmware
Subscribe
Secospace Usg6300
Subscribe
Secospace Usg6300 Firmware
Subscribe
Secospace Usg6500
Subscribe
Secospace Usg6500 Firmware
Subscribe
Secospace Usg6600
Subscribe
Secospace Usg6600 Firmware
Subscribe
Usg6000v
Subscribe
Usg6000v Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: huawei
Published:
Updated: 2024-12-31T17:17:05.860Z
Reserved: 2019-11-29T00:00:00.000Z
Link: CVE-2020-1820
Vulnrichment
Updated: 2024-12-31T17:17:02.348Z
NVD
Status : Analyzed
Published: 2024-12-28T07:15:17.230
Modified: 2025-01-13T18:40:36.910
Link: CVE-2020-1820
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses