CVE-2020-1865

{"id": "CVE-2020-1865", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-01-13T23:15:13.323", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en los productos Huawei CloudEngine. El software lee los datos m\u00e1s all\u00e1 del final del b\u00fafer previsto cuando se analiza determinado mensaje PIM, un atacante adyacente podr\u00eda enviar mensajes PIM dise\u00f1ados al dispositivo, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una lectura fuera de l\u00edmites cuando el sistema realiza la operaci\u00f3n determinada"}], "lastModified": "2021-01-19T17:09:33.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A1D568-48C6-4CE4-8CD2-93F79F484448"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32438232-3341-4056-B801-AA8F0F9E8DEC"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6A9B879-DBF0-4F31-9BF8-7148BC2FCED5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2601F8EC-A011-4614-80CA-3A01D80D9B7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C78467A9-4091-4710-BFB8-A6FB0606BDF5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2923DC-9667-46F3-B879-C8C1DAECCC6F"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38CAD360-6AD5-4714-91BE-0AAB516EDA79"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCFEB001-EFF7-47AC-B67E-7B807780F009"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B76265-8C33-43A6-AAA7-7521B95F1C57"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7D33183-3C97-4EA6-90F7-55ED36F710E5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA5CC84F-27DD-4D5E-8F28-CD7D12EAD2D7"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369FD60C-215C-4172-9CFC-39AD5492BE17"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAC7C877-066F-4FB8-9AB7-D038CE6E5D8D"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542A16DF-B995-417E-AE19-DFF9CC499D7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C55E1D-E4E8-4E8F-8D3E-E3A72C5A45D8"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70D64B7D-AA9B-476B-8389-617799BAC702"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4196899F-1AB3-429A-B334-3B059DFBCAFD"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA12B395-7D70-445A-B0FD-47363787D1EE"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "512A374E-09BE-4ACD-9F87-C1752C882778"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}