CVE-2020-9067

moderate-risk
Published 2020-04-02

There is a buffer overflow vulnerability in some Huawei products. An attacker can exploit it to perform remote code execution on an affected product when that product functions as an optical line terminal (OLT). Affected product versions include: SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.

Do I need to act?

- 0.18% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 8.0/10 High (ADJACENT_NETWORK / LOW complexity)

Affected Products (15)

- SmartAX MA5600T Firmware (7 entries)
- SmartAX MA5800 Firmware (5 entries)
- SmartAX EA5800 Firmware (3 entries)

Affected Vendors

44 / 100 · moderate-risk

- Severity 25/34 · High
- Exploitability 1/34 · Minimal
- Exposure 18/34 · Moderate