Description
There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
13.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (25)
huawei/cloudengine_12800_firmware
v200r002c50spc800
huawei/cloudengine_12800_firmware
v200r003c00spc810
huawei/cloudengine_12800_firmware
v200r005c00spc800
huawei/cloudengine_12800_firmware
v200r005c10spc800
huawei/cloudengine_12800_firmware
v200r019c00spc800
huawei/cloudengine_12800_firmware
v200r019c10spc800
huawei/cloudengine_5800_firmware
v200r002c50spc800
huawei/cloudengine_5800_firmware
v200r003c00spc810
huawei/cloudengine_5800_firmware
v200r005c00spc800
huawei/cloudengine_5800_firmware
v200r005c10spc800
... and 15 more
Published
Jan 13, 2021
Tracked Since
Feb 18, 2026