Ngfw Module Firmware
CVE-2020-1856
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.
AnalysisAI
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Affected products include: Huawei Ngfw Module Firmware, Huawei Nip6300 Firmware, Huawei Nip6600 Firmware, Huawei Secospace Usg6500 Firmware, Huawei Secospace Usg6600 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ngfw Module Firmware
View allBuffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module,
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and US
There is an out of bounds write vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerabilit
There is a denial of service vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is rem
There is an out-of-bounds write vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerabil
There is a memory leak vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is re
There is an out-of-bounds write vulnerability in some products. Rated medium severity (CVSS 6.5), this vulnerability is
There is a weak secure algorithm vulnerability in Huawei products. Rated medium severity (CVSS 5.9), this vulnerability
There is a memory leak vulnerability in Huawei products. Rated medium severity (CVSS 4.9), this vulnerability is remotel
There is an information leak vulnerability in Huawei products. Rated medium severity (CVSS 4.9), this vulnerability is r
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today