CVE-2020-9098 - OpenCVE

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Oceanstor 5310 Oceanstor 5310 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:oceanstor_5310:v5:*:*:*:*:*:*:*

cpe:2.3:o:huawei:oceanstor_5310_firmware:v500r007c60spc100:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-04-30T21:25:23

Updated: 2024-08-04T10:19:19.683Z

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9098

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-30T22:15:12.293

Modified: 2020-05-05T19:01:57.553

Link: CVE-2020-9098

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "OceanStor 5310 V5", "vendor": "n/a", "versions": [{"status": "affected", "version": "V500R007C60SPC100"}]}], "descriptions": [{"lang": "en", "value": "Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot."}], "problemTypes": [{"descriptions": [{"description": "Invalid Pointer Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-01T05:06:05", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9098", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OceanStor 5310 V5", "version": {"version_data": [{"version_value": "V500R007C60SPC100"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Invalid Pointer Access"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}, {"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:19.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9098", "datePublished": "2020-04-30T21:25:23", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-08-04T10:19:19.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_5310:v5:*:*:*:*:*:*:*", "matchCriteriaId": "0349C9CD-761C-4B24-92A7-9BDA5566C493", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_5310_firmware:v500r007c60spc100:*:*:*:*:*:*:*", "matchCriteriaId": "58CACDE1-B634-4617-9C06-CEF8C15560E0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot."}, {"lang": "es", "value": "El producto Huawei OceanStor 5310 con versi\u00f3n V500R007C60SPC100, tiene una vulnerabilidad de acceso de puntero no v\u00e1lido. El sistema de software accede a un puntero no v\u00e1lido al momento de un paquete malformado por el atacante. Debido a la comprobaci\u00f3n insuficiente de alg\u00fan par\u00e1metro, una explotaci\u00f3n con \u00e9xito podr\u00eda causar el reinicio del dispositivo."}], "id": "CVE-2020-9098", "lastModified": "2020-05-05T19:01:57.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-30T22:15:12.293", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}]}