1. Home
  2. CVE Database
  3. CVE-2020-1866
MEDIUM · 6.5

CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause...

Vulnerability Description

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiNip6800 Firmwarev500r001c30
HuaweiNip6800-
HuaweiS12700 Firmwarev200r008c00
HuaweiS12700-
HuaweiS2700 Firmwarev200r008c00
HuaweiS2700-
HuaweiS5700 Firmwarev200r008c00
HuaweiS5700-
HuaweiS6700 Firmwarev200r008c00
HuaweiS6700-
HuaweiS7700 Firmwarev200r008c00
HuaweiS7700-
HuaweiS9700 Firmwarev200r008c00
HuaweiS9700-
HuaweiSecospace Usg6600 Firmwarev500r001c30spc200
HuaweiSecospace Usg6600-
HuaweiUsg9500 Firmwarev500r001c30spc300
HuaweiUsg9500-

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2020-1866?

CVE-2020-1866 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause...

How severe is CVE-2020-1866?

CVE-2020-1866 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1866?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Nip6800 Firmware, Huawei Nip6800, Huawei S12700 Firmware, Huawei S12700, Huawei S2700 Firmware.