CVE-2020-1870 - OpenCVE

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Cloudengine 6800 Cloudengine 12800 Firmware Cloudengine 6800 Firmware Cloudengine 12800

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00:::::::*
	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc600:::::::*
	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10:::::::*

cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-05-29T19:13:26

Updated: 2020-11-18T22:56:08

Reserved: 2019-11-29T00:00:00

Link: CVE-2020-1870

JSON object: View

NVD Information

Status : Modified

Published: 2020-05-29T20:15:11.357

Modified: 2020-11-18T23:15:12.477

Link: CVE-2020-1870

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"containers": {"cna": {"affected": [{"product": "CloudEngine 12800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "CloudEngine 5800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "CloudEngine 6800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R005C20SPC800"}, {"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "CloudEngine 7800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "NE40E", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V800R011C00SPC200"}, {"status": "affected", "version": "V800R011C00SPC300"}, {"status": "affected", "version": "V800R011C10SPC100"}]}, {"product": "NE40E-F", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V800R011C00SPC200"}, {"status": "affected", "version": "V800R011C10SPC100"}]}, {"product": "NE40E-M", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V800R011C00SPC200"}, {"status": "affected", "version": "V800R011C10SPC100"}]}], "descriptions": [{"lang": "en", "value": "There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-18T22:56:08", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-1870", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CloudEngine 12800", "version": {"version_data": [{"version_value": "V200R019C00SPC800"}]}}, {"product_name": "CloudEngine 5800", "version": {"version_data": [{"version_value": "V200R019C00SPC800"}]}}, {"product_name": "CloudEngine 6800", "version": {"version_data": [{"version_value": "V200R005C20SPC800"}, {"version_value": "V200R019C00SPC800"}]}}, {"product_name": "CloudEngine 7800", "version": {"version_data": [{"version_value": "V200R019C00SPC800"}]}}, {"product_name": "NE40E", "version": {"version_data": [{"version_value": "V800R011C00SPC200"}, {"version_value": "V800R011C00SPC300"}, {"version_value": "V800R011C10SPC100"}]}}, {"product_name": "NE40E-F", "version": {"version_data": [{"version_value": "V800R011C00SPC200"}, {"version_value": "V800R011C10SPC100"}]}}, {"product_name": "NE40E-M", "version": {"version_data": [{"version_value": "V800R011C00SPC200"}, {"version_value": "V800R011C10SPC100"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-1870", "datePublished": "2020-05-29T19:13:26", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2020-11-18T22:56:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00:*:*:*:*:*:*:*", "matchCriteriaId": "0C9321AE-DC09-4878-8905-46AE93E8474B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc600:*:*:*:*:*:*:*", "matchCriteriaId": "6B58912A-A28B-467E-B109-A694194E4F32", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10:*:*:*:*:*:*:*", "matchCriteriaId": "2796CF7B-5EF3-451E-97EC-D8B885739969", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100."}, {"lang": "es", "value": "Hay una vulnerabilidad denegaci\u00f3n de servicio en algunos productos Huawei. Debido a una administraci\u00f3n inapropiada de la memoria, pueden producirse fugas de memoria en algunos casos especiales. Los atacantes pueden llevar a cabo una serie de operaciones para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito puede causar una denegaci\u00f3n de servicio. Las versiones de productos afectados incluyen: CloudEngine 12800 versi\u00f3n V200R019C00SPC800; CloudEngine 5800 versi\u00f3n V200R019C00SPC800; CloudEngine 6800 versi\u00f3n V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versi\u00f3n V200R019C00SPC800; NE40E versi\u00f3n V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versi\u00f3n V800R011C00SPC200, V800R011C10SPC100; NE40E-M versi\u00f3n V800R011C00SPC200, V800R011C10SPC100."}], "id": "CVE-2020-1870", "lastModified": "2020-11-18T23:15:12.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-29T20:15:11.357", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}