CVE-2020-1873
Last modified
CVE-2020-1873 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Nip6800 Firmware | v500r001c30 |
| Huawei | Nip6800 Firmware | v500r001c60spc500 |
| Huawei | Nip6800 Firmware | v500r005c00spc100 |
| Huawei | Secospace Usg6600 Firmware | v500r001c30spc200 |
| Huawei | Secospace Usg6600 Firmware | v500r001c30spc600 |
| Huawei | Secospace Usg6600 Firmware | v500r001c60spc500 |
| Huawei | Secospace Usg6600 Firmware | v500r005c00spc100 |
| Huawei | Usg9500 Firmware | v500r001c30spc200 |
| Huawei | Usg9500 Firmware | v500r001c30spc600 |
| Huawei | Usg9500 Firmware | v500r001c60spc500 |
| Huawei | Usg9500 Firmware | v500r005c00spc100 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-1873?
How severe is CVE-2020-1873?
How do I fix CVE-2020-1873?
Are you affected by CVE-2020-1873?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST