First published: Mon Feb 17 2020(Updated: )
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Nip6800 Firmware | =v500r001c30 | |
Huawei Nip6800 Firmware | =v500r001c60spc500 | |
Huawei Nip6800 Firmware | =v500r005c00 | |
Huawei NIP6800 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c30spc200 | |
Huawei Secospace Usg6600 Firmware | =v500r001c30spc600 | |
Huawei Secospace Usg6600 Firmware | =v500r001c60spc500 | |
Huawei Secospace Usg6600 Firmware | =v500r005c00 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r001c30spc200 | |
Huawei Usg9500 Firmware | =v500r001c30spc600 | |
Huawei Usg9500 Firmware | =v500r001c60spc500 | |
Huawei Usg9500 Firmware | =v500r005c00 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Vulnerability CVE-2020-1828 is an input validation vulnerability in Huawei NIP6800 and Secospace USG6600 and USG9500, allowing attackers to bypass security measures.
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00, as well as Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 are affected by CVE-2020-1828.
CVE-2020-1828 has a severity level of 7.5 (high).
To fix vulnerability CVE-2020-1828, it is recommended to update to the latest firmware versions provided by Huawei.
You can find more information about vulnerability CVE-2020-1828 on the official Huawei Security Advisories page.