Multiple vulnerabilities in Some Huawei Products



Published: 2020-02-05 | Updated: 2020-02-19
Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2020-1857
CVE-2020-1813
CVE-2020-1830
CVE-2020-1828
CVE-2020-1814
CVE-2020-1816
CVE-2020-1815
CVE-2020-1860
CVE-2020-1877
CVE-2020-1876
CWE-ID CWE-200
CWE-401
CWE-125
CWE-20
CWE-284
CWE-824
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Huawei NIP6800
Server applications / IDS/IPS systems, Firewalls and proxy servers

Huawei Secospace USG6600
Server applications / Server solutions for antivurus protection

USG9500
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Huawei

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

Updated 12.02.2020
Added vulnerability #2
Updated 13.02.2020
Added vulnerability #3-5
Updated 19.02.2020
Added vulnerabilities #6-10

1) Information disclosure

EUVDB-ID: #VU24947

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1857

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improper processing of some data. A local user can exploit this vulnerability through a series of operations and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00SPC100

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00SPC100


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-leakage-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Memory leak

EUVDB-ID: #VU25273

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1813

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform (DoS) attack on the target system.

The vulnerability exists due to the affected software does not sufficiently track and release allocated memory while parse certain message. A remote authenticated attacker can trigger memory consumption and cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU25274

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1830

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when IPSec Module handing a specific message. A remote attacker can send specific message, trigger 1 byte out-of-bounds read error and compromise normal service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-04-ipsec-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Input validation error

EUVDB-ID: #VU25275

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1828

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when the IPSec module does not validate a field in a specific message. A remote attacker can send a specially crafted message, cause out-of-bound read and compromise normal service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Input validation error

EUVDB-ID: #VU25276

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1814

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing specific IPSEC packets. A remote attacker can send a specially crafted IPSEC packet to affected devices and cause the IPSEC function of the affected device abnormal.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Input validation error

EUVDB-ID: #VU25432

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1816

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper processing of specific IPSEC packets. A remote attacker can send specially crafted IPSEC packets to affected devices and cause the IPSEC function of the affected device abnormal.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Memory leak

EUVDB-ID: #VU25431

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1815

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due to the affected software does not sufficiently track and release allocated memory while parse certain message. A remote authenticated attacker can send specially crafted message, consume remaining memory and cause memory exhaust.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Improper access control

EUVDB-ID: #VU25430

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1860

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker on the local network can bypass implemented security restrictions and directly access the Internet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30 - V500R005C00

USG9500: V500R001C30 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Access of Uninitialized Pointer

EUVDB-ID: #VU25441

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1877

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected software system access an invalid pointer when administrator log in to the device and performs some operations. A local administrator can cause certain process reboot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R001C60SPC500

Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C60SPC500

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds read

EUVDB-ID: #VU25440

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1876

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing packets. A remote attacker on the local network can send a specially crafted packet with specific parameter, trigger out-of-bounds read error and cause the device reboot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6800: V500R001C30 - V500R005C00

Huawei Secospace USG6600: V500R001C30SPC600 - V500R005C00

USG9500: V500R001C30SPC200 - V500R005C00


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###