CVE-2020-1828
HIGHHuawei NIP6800 <V500R001C30-V500R005C00 & Secospace USG6600/9500 <V...
Title source: llmDescription
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-ipsec-en
Scores
CVSS v3
7.5
EPSS
0.0025
EPSS Percentile
48.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
CWE-20
Status
published
Products (11)
huawei/nip6800_firmware
v500r001c30
huawei/nip6800_firmware
v500r001c60spc500
huawei/nip6800_firmware
v500r005c00
huawei/secospace_usg6600_firmware
v500r001c30spc200
huawei/secospace_usg6600_firmware
v500r001c30spc600
huawei/secospace_usg6600_firmware
v500r001c60spc500
huawei/secospace_usg6600_firmware
v500r005c00
huawei/usg9500_firmware
v500r001c30spc200
huawei/usg9500_firmware
v500r001c30spc600
huawei/usg9500_firmware
v500r001c60spc500
... and 1 more
Published
Feb 17, 2020
Tracked Since
Feb 18, 2026