CVE-2020-1829

CWE-4154 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 51.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Nip6800Huawei Secospace Usg6600Huawei Usg9500+3 more
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

CVEListV5huawei/secospace_usg6600V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500+2
NVDhuawei/secospace_usg6600_firmwarev500r001c30spc200, v500r001c30spc600, v500r001c60spc500+2
CVEListV5huawei/nip6800V500R001C30, V500R001C60SPC500+1
CVEListV5huawei/usg9500V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500+2
NVDhuawei/nip6800_firmwarev500r001c30, v500r001c60spc500+1

🔴Vulnerability Details

2
GHSA
GHSA-rcx8-6xcx-7vh9: Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R02022-05-24
CVEList
CVE-2020-1829: Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R02020-02-17

💬Community

1
Bugzilla
CVE-2020-10233 sleuthkit: Heap based buffer overead in in ntfs_dinode_lookup() in fs/ntfs.c2020-03-09
CVE-2020-1829 (HIGH CVSS 7.5) | Huawei NIP6800 versions V500R001C30 | cvebase.io