#VU48391 Input validation error in Huawei Hardware solutions


Published: 2020-11-12

Vulnerability identifier: #VU48391

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1847

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Huawei NIP6300
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei NIP6600
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei Secospace USG6300
Server applications / Server solutions for antivurus protection
Huawei Secospace USG6500
Server applications / Server solutions for antivurus protection
Huawei Secospace USG6600
Server applications / Server solutions for antivurus protection
USG9500
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Huawei

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient protection against the attack scenario of specific protocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Huawei NIP6300: V500R001C30 - V500R001C60

Huawei NIP6600: V500R001C30 - V500R001C60

Huawei Secospace USG6300: V500R001C30 - V500R001C60

Huawei Secospace USG6500: V500R001C30 - V500R001C60

Huawei Secospace USG6600: V500R001C30 - V500R001C60

USG9500: V500R001C60


CPE

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-dos-en


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability