First published: Fri Jul 17 2020(Updated: )
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Ips Module Firmware | =v500r005c00 | |
Huawei Ips Module Firmware | =v500r005c10 | |
Huawei IPS Module | ||
Huawei Ngfw Module Firmware | =v500r005c00 | |
Huawei Ngfw Module Firmware | =v500r005c10 | |
Huawei NGFW Module | ||
Huawei Secospace Usg6300 Firmware | =v500r001c30 | |
Huawei Secospace Usg6300 Firmware | =v500r001c60 | |
Huawei Secospace Usg6300 Firmware | =v500r005c00 | |
Huawei Secospace Usg6300 Firmware | =v500r005c10 | |
Huawei Secospace USG6300 | ||
Huawei Secospace Usg6500 Firmware | =v500r001c30 | |
Huawei Secospace Usg6500 Firmware | =v500r001c60 | |
Huawei Secospace Usg6500 Firmware | =v500r005c00 | |
Huawei Secospace Usg6500 Firmware | =v500r005c10 | |
Huawei Secospace Usg6500 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c30 | |
Huawei Secospace Usg6600 Firmware | =v500r001c60 | |
Huawei Secospace Usg6600 Firmware | =v500r005c00 | |
Huawei Secospace Usg6600 Firmware | =v500r005c10 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r001c30 | |
Huawei Usg9500 Firmware | =v500r001c60 | |
Huawei Usg9500 Firmware | =v500r005c00 | |
Huawei Usg9500 Firmware | =v500r005c10 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9101 is an out-of-bounds write vulnerability in some Huawei products.
An attacker crafts malformed packets with specific parameters and sends them to the affected products, causing a process reboot.
CVE-2020-9101 has a severity rating of 6.5 (medium).
Huawei IPS Module, Huawei Ngfw Module, Huawei Secospace Usg6300 Firmware, Huawei Secospace Usg6500 Firmware, Huawei Secospace Usg6600 Firmware, and Huawei Usg9500 Firmware.
Update the affected Huawei products to the latest firmware version provided by Huawei.