Vulnerability Details CVE-2020-1828
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-1828
-
cpe:2.3:h:huawei:nip6800:-
-
cpe:2.3:h:huawei:secospace_usg6600:-
-
cpe:2.3:h:huawei:usg9500:-
-
cpe:2.3:o:huawei:nip6800_firmware:v500r001c30
-
cpe:2.3:o:huawei:nip6800_firmware:v500r001c60spc500
-
cpe:2.3:o:huawei:nip6800_firmware:v500r005c00
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc200
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc600
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60spc500
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00
-
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200
-
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600
-
cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500
-
cpe:2.3:o:huawei:usg9500_firmware:v500r005c00