CVE-2020-1881 — Uncontrolled Resource Consumption in Huawei Nip6800 Firmware

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 55.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nip6800 Firmware Huawei Oceanstor 5310 Firmware Huawei Secospace Usg6600 Firmware +1 more

Timeline

PublishedFeb 28

Latest updateMay 24

Description

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/secospace_usg6600_firmwarev500r001c30spc200, v500r001c30spc600+1

▶NVDhuawei/nip6800_firmwarev500r001c30

▶NVDhuawei/usg9500_firmwarev500r001c30spc200, v500r001c30spc600+1

▶NVDhuawei/oceanstor_5310_firmwarev500r007c60spc100

🔴Vulnerability Details

GHSA

GHSA-4pgq-jrr4-gr53: NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vu↗2022-05-24

▶

CVEList

CVE-2020-1881: NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vu↗2020-02-28

▶

💥Exploits & PoCs

Exploit-DB

AnyDesk 5.5.2 - Remote Code Execution↗2021-03-03

▶