CVE-2020-1870 : There is a denial of service vulnerability in some Huawei products. Due to impro

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100.

Published 2020-05-29 20:15:11

Updated 2020-11-18 23:15:12

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-1870

Huawei » Cloudengine 12800 Firmware » Version: V200r019c00
cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V200r019c00spc600
cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc600:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V200r019c00spc800
cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V200r019c10
cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 6800 Firmware » Version: V200r019c00spc800
cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 6800 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-1870

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1870

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-1870

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-1870

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en

huawei-sa-20200527-01-dos-en
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-1870

Products affected by CVE-2020-1870

Exploit prediction scoring system (EPSS) score for CVE-2020-1870

CVSS scores for CVE-2020-1870

CWE ids for CVE-2020-1870

References for CVE-2020-1870