First published: Fri Feb 28 2020(Updated: )
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Nip6800 Firmware | =v500r001c30 | |
Huawei Nip6800 Firmware | =v500r001c60spc500 | |
Huawei Nip6800 Firmware | =v500r005c00 | |
Huawei NIP6800 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c30spc200 | |
Huawei Secospace Usg6600 Firmware | =v500r001c30spc600 | |
Huawei Secospace Usg6600 Firmware | =v500r001c60spc500 | |
Huawei Secospace Usg6600 Firmware | =v500r005c00 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r001c30spc200 | |
Huawei Usg9500 Firmware | =v500r001c30spc600 | |
Huawei Usg9500 Firmware | =v500r001c60spc500 | |
Huawei Usg9500 Firmware | =v500r005c00 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-1877 is a vulnerability that affects NIP6800, Secospace USG6600, and USG9500 devices with specific versions of V500R001C30, V500R001C60SPC500, and V500R005C00SPC100 firmware.
The severity of CVE-2020-1877 is rated as medium, with a CVSS score of 4.4 out of 10.
CVE-2020-1877 affects Huawei NIP6800, Secospace USG6600, and USG9500 devices when running specific firmware versions.
CVE-2020-1877 can be exploited when an administrator logs in to the affected device and performs certain operations.
Yes, Huawei has released a security advisory with detailed instructions on how to mitigate the vulnerability. Please refer to the following link for more information: [Huawei Security Advisory SA-20200219-05](https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-en)