1. Home
  2. CVE Database
  3. CVE-2020-9101
MEDIUM · 6.5

CVE-2020-9101

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insu...

Vulnerability Description

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiIps Module Firmwarev500r005c00
HuaweiIps Module-
HuaweiNgfw Module Firmwarev500r005c00
HuaweiNgfw Module-
HuaweiSecospace Usg6300 Firmwarev500r001c30
HuaweiSecospace Usg6300-
HuaweiSecospace Usg6500 Firmwarev500r001c30
HuaweiSecospace Usg6500-
HuaweiSecospace Usg6600 Firmwarev500r001c30
HuaweiSecospace Usg6600-
HuaweiUsg9500 Firmwarev500r001c30
HuaweiUsg9500-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2020-9101?

CVE-2020-9101 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insu...

How severe is CVE-2020-9101?

CVE-2020-9101 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9101?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ips Module Firmware, Huawei Ips Module, Huawei Ngfw Module Firmware, Huawei Ngfw Module, Huawei Secospace Usg6300 Firmware.