CVE-2020-1865

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 86.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Cloudengine 12800 Firmware Huawei Cloudengine 5800 Firmware Huawei Cloudengine 6800 Firmware +1 more

Timeline

PublishedJan 13

Latest updateMay 24

Description

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/cloudengine_5800_firmware6 versions+5

▶NVDhuawei/cloudengine_6800_firmware7 versions+6

▶NVDhuawei/cloudengine_7800_firmware6 versions+5

▶NVDhuawei/cloudengine_12800_firmware6 versions+5

🔴Vulnerability Details

GHSA

GHSA-vpxx-wvjv-769j: There is an out-of-bounds read vulnerability in Huawei CloudEngine products↗2022-05-24

▶

CVEList

CVE-2020-1865: There is an out-of-bounds read vulnerability in Huawei CloudEngine products↗2021-01-13

▶