Buffer overflow in Huawei products - CVE-2020-9101
Published: July 16, 2020
Vulnerability identifier: #VU30118
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9101
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei IPS Module
Huawei NGFW Module
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500
Huawei IPS Module
Huawei NGFW Module
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker on the local network can send a specially crafted packets with specific parameter, trigger memory corruption and cause a denial of service condition on the target system.
How to mitigate CVE-2020-9101
Install updates from vendor's website.