CVE-2020-9087Out-of-bounds Read in Huawei Taurus-al00a Firmware

CWE-125Out-of-bounds Read3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Taurus-al00a Firmware
Timeline
PublishedOct 12
Latest updateMay 24

Description

Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei/taurus-al00a_firmware10.0.0.1(C00E1R1P1)
NVDhuawei/taurus-al00a_firmware10.0.0.1\(c00e1r1p1\)

🔴Vulnerability Details

2
GHSA
GHSA-cq5p-pr6h-gvqr: Taurus-AL00A version 102022-05-24
CVEList
CVE-2020-9087: Taurus-AL00A version 102020-10-12
CVE-2020-9087 — Out-of-bounds Read in Huawei | cvebase