CVE-2020-1815

HIGH

Huawei NIP6800 <V500R001C30-V500R005C00 - Memory Corruption

Title source: llm

Description

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 48.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (11)

huawei/nip6800_firmware

huawei/secospace_usg6600_firmware

huawei/usg9500_firmware

Timeline

Published Feb 18, 2020

Tracked Since Feb 18, 2026