CVE-2020-1821

LOW

Huawei IPS and NGFW Module Firmware - Out-of-Bounds Read in COPS Protocol

Title source: llm

Description

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

References (1)

Core 1

Core References

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en

Scores

CVSS v3 3.7

EPSS 0.0008

EPSS Percentile 23.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (23)

huawei/ips_module_firmware v500r001c30

huawei/ips_module_firmware v500r001c60

huawei/ips_module_firmware v500r005c00

huawei/ngfw_module_firmware v500r002c00

huawei/ngfw_module_firmware v500r002c20

huawei/ngfw_module_firmware v500r005c00

huawei/nip6300_firmware v500r001c30

huawei/nip6300_firmware v500r001c60

huawei/nip6300_firmware v500r005c00

huawei/nip6600_firmware v500r001c30

... and 13 more

Published Dec 28, 2024

Tracked Since Feb 18, 2026