CVE-2020-1824

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-1824
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

3.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:*
History

13 Jan 2025, 18:39

Type Values Removed Values Added
Summary
  • (es) Existen múltiples vulnerabilidades de lectura fuera de los límites (OOB) en la implementación del protocolo Common Open Policy Service (COPS) de algunos productos Huawei. La función de decodificación específica puede realizar una lectura fuera de los límites cuando se procesa un paquete de datos entrante. La explotación exitosa de estas vulnerabilidades puede interrumpir el servicio en el dispositivo afectado. (ID de vulnerabilidad: HWPSIRT-2018-12275, HWPSIRT-2018-12276, HWPSIRT-2018-12277, HWPSIRT-2018-12278, HWPSIRT-2018-12279, HWPSIRT-2018-12280 y HWPSIRT-2018-12289) A las siete vulnerabilidades se les han asignado siete identificadores de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 y CVE-2020-1824.
First Time Huawei ips Module Firmware
Huawei nip6800 Firmware
Huawei secospace Usg6600 Firmware
Huawei secospace Usg6600
Huawei ngfw Module Firmware
Huawei ips Module
Huawei usg6000v Firmware
Huawei nip6600 Firmware
Huawei secospace Usg6300 Firmware
Huawei ngfw Module
Huawei nip6800
Huawei usg6000v
Huawei secospace Usg6300
Huawei nip6300
Huawei
Huawei nip6600
Huawei nip6300 Firmware
Huawei secospace Usg6500 Firmware
Huawei secospace Usg6500
CPE cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
References () https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en - () https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en - Vendor Advisory

28 Dec 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-28 07:15

Updated : 2025-01-13 18:39

NVD link : CVE-2020-1824

Mitre link : CVE-2020-1824

CVE.ORG link : CVE-2020-1824

JSON object : View

Products Affected

huawei

  • usg6000v
  • secospace_usg6300
  • secospace_usg6500
  • usg6000v_firmware
  • ips_module_firmware
  • ips_module
  • nip6800
  • nip6300
  • nip6600
  • nip6600_firmware
  • secospace_usg6500_firmware
  • secospace_usg6600_firmware
  • secospace_usg6600
  • secospace_usg6300_firmware
  • ngfw_module_firmware
  • nip6300_firmware
  • nip6800_firmware
  • ngfw_module
CWE
CWE-125

Out-of-bounds Read