Show plain JSON{"id": "CVE-2020-1865", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-01-13T23:15:13.323", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en los productos Huawei CloudEngine. El software lee los datos m\u00e1s all\u00e1 del final del b\u00fafer previsto cuando se analiza determinado mensaje PIM, un atacante adyacente podr\u00eda enviar mensajes PIM dise\u00f1ados al dispositivo, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una lectura fuera de l\u00edmites cuando el sistema realiza la operaci\u00f3n determinada"}], "lastModified": "2024-11-21T05:11:30.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A1D568-48C6-4CE4-8CD2-93F79F484448"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32438232-3341-4056-B801-AA8F0F9E8DEC"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6A9B879-DBF0-4F31-9BF8-7148BC2FCED5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2601F8EC-A011-4614-80CA-3A01D80D9B7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C78467A9-4091-4710-BFB8-A6FB0606BDF5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2923DC-9667-46F3-B879-C8C1DAECCC6F"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38CAD360-6AD5-4714-91BE-0AAB516EDA79"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCFEB001-EFF7-47AC-B67E-7B807780F009"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B76265-8C33-43A6-AAA7-7521B95F1C57"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7D33183-3C97-4EA6-90F7-55ED36F710E5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA5CC84F-27DD-4D5E-8F28-CD7D12EAD2D7"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369FD60C-215C-4172-9CFC-39AD5492BE17"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAC7C877-066F-4FB8-9AB7-D038CE6E5D8D"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542A16DF-B995-417E-AE19-DFF9CC499D7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C55E1D-E4E8-4E8F-8D3E-E3A72C5A45D8"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70D64B7D-AA9B-476B-8389-617799BAC702"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4196899F-1AB3-429A-B334-3B059DFBCAFD"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA12B395-7D70-445A-B0FD-47363787D1EE"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "512A374E-09BE-4ACD-9F87-C1752C882778"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}