CVE-2020-9067 : There is a buffer overflow vulnerability in some Huawei products. The vulnerabil

There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.

Published 2020-04-02 21:15:14

Updated 2020-04-03 20:56:26

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2020-9067

Huawei » Smartax Ma5600t Firmware » Version: V800r013c10
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r013c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5600t Firmware » Version: V800r015c00
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5600t Firmware » Version: V800r015c10
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5600t Firmware » Version: V800r017c00
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5600t Firmware » Version: V800r017c10
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5600t Firmware » Version: V800r018c00
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5600t Firmware » Version: V800r018c10
cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5600t » Version: N/A
Huawei » Smartax Ma5800 Firmware » Version: V100r017c00
cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5800 » Version: N/A
Huawei » Smartax Ma5800 Firmware » Version: V100r017c10
cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5800 » Version: N/A
Huawei » Smartax Ma5800 Firmware » Version: V100r018c00
cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5800 » Version: N/A
Huawei » Smartax Ma5800 Firmware » Version: V100r018c10
cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5800 » Version: N/A
Huawei » Smartax Ma5800 Firmware » Version: V100r019c10
cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r019c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ma5800 » Version: N/A
Huawei » Smartax Ea5800 Firmware » Version: V100r018c00
cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ea5800 » Version: N/A
Huawei » Smartax Ea5800 Firmware » Version: V100r018c10
cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ea5800 » Version: N/A
Huawei » Smartax Ea5800 Firmware » Version: V100r019c10
cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r019c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Smartax Ea5800 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-9067

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-9067

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.2	MEDIUM	AV:A/AC:L/Au:S/C:P/I:P/A:P	5.1	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-9067

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-9067

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-9067

Products affected by CVE-2020-9067

Exploit prediction scoring system (EPSS) score for CVE-2020-9067

CVSS scores for CVE-2020-9067

CWE ids for CVE-2020-9067

References for CVE-2020-9067