Strix
26.1K

CVE-2020-9086

MEDIUMCVSS 4.3/10EPSS 0.20%

Last modified

CVE-2020-9086 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.

Metrics

CVSS 3.1
4.3/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
0.20%

10.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiB612 Firmwareb612s-25dtcpu-v100r001b192d03sp00c234
HuaweiB612 Firmwareb612s-25dtcpu-v100r001b192d03sp00c287
HuaweiB612 Firmwareb612s-25dtcpu-v100r001b192d05sp00c00

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2020-9086?
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.
How severe is CVE-2020-9086?
CVE-2020-9086 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2020-9086?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-9086?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST