There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P
Vendors Products
Huawei
  • Srg1300 Firmware
  • Ar160 Firmware
  • Ar2200
  • Ar2200-s Firmware
  • Ar510 Firmware
  • Ar120-s
  • Srg1300
  • Ar2200 Firmware
  • Ar150
  • Srg2300
  • Ar200-s Firmware
  • Ar3200
  • Ar120-s Firmware
  • Ar1200 Firmware
  • Ar1200-s
  • Srg3300 Firmware
  • Ar200-s
  • Ar3600
  • Ar200
  • Ar150-s Firmware
  • Netengine16ex
  • Ar150-s
  • Ar1200-s Firmware
  • Ar3600 Firmware
  • Ar510
  • Srg2300 Firmware
  • Ar1200
  • Ar2200-s
  • Ar200 Firmware
  • Netengine16ex Firmware
  • Srg3300
  • Ar160
  • Ar150 Firmware
  • Ar3200 Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:huawei:ar150_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:huawei:ar160_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:huawei:ar200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
OR cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
OR cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3600:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:huawei:ar510_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar510:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
OR cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
OR cpe:2.3:o:huawei:srg1300_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
OR cpe:2.3:o:huawei:srg2300_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
OR cpe:2.3:o:huawei:srg3300_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*
References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-oob-en Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-06-01T14:02:46

Updated: 2020-06-01T14:02:46

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9071

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-06-01T15:15:14.840

Modified: 2020-06-03T15:32:50.630

Link: CVE-2020-9071

JSON object: View

cve-icon Redhat Information

No data.

CWE