#VU49225 Out-of-bounds read in Huawei products - CVE-2020-1866
Published: January 4, 2021
Vulnerability identifier: #VU49225
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1866
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Huawei NIP6800
Huawei S12700
Huawei S5700
Huawei S2700
Huawei S6700
Huawei S7700
Huawei S9700
USG9500
Huawei Secospace USG6600
Huawei NIP6800
Huawei S12700
Huawei S5700
Huawei S2700
Huawei S6700
Huawei S7700
Huawei S9700
USG9500
Huawei Secospace USG6600
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when parsing certain crafted DHCP messages. A remote attacker on the local network can trigger out-of-bounds read error and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.