CVE-2020-9201

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 85.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nip6800 Firmware Huawei Secospace Usg6600 Firmware Huawei Usg9500 Firmware

Timeline

PublishedDec 24

Latest updateMay 24

Description

There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDhuawei/secospace_usg6600_firmware4 versions+3

▶NVDhuawei/nip6800_firmwarev500r001c30, v500r001c60spc500, v500r005c00+2

▶NVDhuawei/usg9500_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-p7q8-r4h2-p9qq: There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500↗2022-05-24

▶

CVEList

CVE-2020-9201: There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500↗2020-12-24

▶