First published: Thu Dec 24 2020(Updated: )
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Nip6800 Firmware | =v500r001c30 | |
Huawei Nip6800 Firmware | =v500r001c60spc500 | |
Huawei Nip6800 Firmware | =v500r005c00 | |
Huawei NIP6800 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c30spc200 | |
Huawei Secospace Usg6600 Firmware | =v500r001c30spc600 | |
Huawei Secospace Usg6600 Firmware | =v500r001c60spc500 | |
Huawei Secospace Usg6600 Firmware | =v500r005c00 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r001c30spc200 | |
Huawei Usg9500 Firmware | =v500r001c30spc600 | |
Huawei Usg9500 Firmware | =v500r001c60spc500 | |
Huawei Usg9500 Firmware | =v500r005c00 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9201 is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600, and USG9500.
The severity of CVE-2020-9201 is medium with a severity value of 6.5.
The affected software versions include Huawei Nip6800 Firmware v500r001c30, v500r001c60spc500, and v500r005c00, as well as Huawei Secospace Usg6600 Firmware v500r001c30spc200, v500r001c30spc600, and v500r005c00, and Huawei Usg9500 Firmware v500r001c30spc200, v500r001c30spc600, and v500r005c00.
A successful exploit of CVE-2020-9201 could cause certain service abnormalities.
You can find more information about CVE-2020-9201 on the official Huawei website.