CVE-2020-1821

moderate-risk

Published 2024-12-28

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

Affected Products (20)

Ips Module Firmware

Ngfw Module Firmware

Nip6300 Firmware

Nip6600 Firmware

Nip6800 Firmware

Secospace Usg6300 Firmware

Secospace Usg6500 Firmware

Affected Vendors

Huawei

References (1)

Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-c...

/ 100

moderate-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 21/34 · High