Sign-up

ID

VAR-202004-2101


CVE

CVE-2020-9067


TITLE

plural Huawei Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-003595

DESCRIPTION

There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10. Huawei SmartAX MA5600T , MA5800 , EA5800 Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei SmartAX MA5600T is an integrated copper and copper access product that provides high-capacity, high-speed, and high-bandwidth data, voice, and video service access. SmartAX EA5800 multi-service access equipment is a smart aggregation OLT platform for enterprise customers with a distributed architecture and is positioned as the next-generation OLT for NG-PON

Trust: 2.16

sources: NVD: CVE-2020-9067 // JVNDB: JVNDB-2020-003595 // CNVD: CNVD-2020-21472

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21472

AFFECTED PRODUCTS

vendor:huaweimodel:smartax ea5800scope:eqversion:v100r018c00

Trust: 1.8

vendor:huaweimodel:smartax ea5800scope:eqversion:v100r018c10

Trust: 1.8

vendor:huaweimodel:smartax ea5800scope:eqversion:v100r019c10

Trust: 1.8

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r013c10

Trust: 1.8

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r015c00

Trust: 1.8

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r015c10

Trust: 1.8

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r017c00

Trust: 1.8

vendor:huaweimodel:smartax ma5800scope:eqversion:v100r017c00

Trust: 1.8

vendor:huaweimodel:smartax ma5800scope:eqversion:v100r017c10

Trust: 1.8

vendor:huaweimodel:smartax ma5800scope:eqversion:v100r018c00

Trust: 1.8

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r018c10

Trust: 1.0

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r017c10

Trust: 1.0

vendor:huaweimodel:smartax ma5800scope:eqversion:v100r019c10

Trust: 1.0

vendor:huaweimodel:smartax ma5800scope:eqversion:v100r018c10

Trust: 1.0

vendor:huaweimodel:smartax ma5600tscope:eqversion:v800r018c00

Trust: 1.0

vendor:huaweimodel:smartax ma5600t v800r013c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5600t v800r015c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5600t v800r015c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5600t v800r017c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5600t v800r017c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5600t v800r018c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5600t v800r018c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5800 v100r017c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5800 v100r017c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5800 v100r018c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5800 v100r018c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ma5800 v100r019c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ea5800 v100r018c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ea5800 v100r018c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:smartax ea5800 v100r019c10scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-21472 // JVNDB: JVNDB-2020-003595 // NVD: CVE-2020-9067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9067
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003595
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-21472
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-061
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9067
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003595
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21472
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9067
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003595
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21472 // JVNDB: JVNDB-2020-003595 // CNNVD: CNNVD-202004-061 // NVD: CVE-2020-9067

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2020-003595 // NVD: CVE-2020-9067

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-061

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-061

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003595

PATCH
title:huawei-sa-20200401-01-overflowurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en
Trust: 0.8
title:Patch for Huawei SmartAX MA5600T, SmartAX MA5800, and SmartAX EA5800 buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/212635
Trust: 0.6
title:Huawei SmartAX MA5600T , SmartAX MA5800  and SmartAX EA5800 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113199
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21472 // 
            
            
            
            JVNDB: JVNDB-2020-003595 // 
            
            
            
            CNNVD: CNNVD-202004-061

EXTERNAL IDS
db:NVDid:CVE-2020-9067
Trust: 3.0
db:JVNDBid:JVNDB-2020-003595
Trust: 0.8
db:CNVDid:CNVD-2020-21472
Trust: 0.6
db:CNNVDid:CNNVD-202004-061
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21472 // 
            
            
            
            JVNDB: JVNDB-2020-003595 // 
            
            
            
            CNNVD: CNNVD-202004-061 // 
            
            
            
            NVD: CVE-2020-9067

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-9067
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200401-01-overflow-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9067
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-21472 // 
            
            
            
            JVNDB: JVNDB-2020-003595 // 
            
            
            
            CNNVD: CNNVD-202004-061 // 
            
            
            
            NVD: CVE-2020-9067

SOURCES
db:CNVDid:CNVD-2020-21472
db:JVNDBid:JVNDB-2020-003595
db:CNNVDid:CNNVD-202004-061
db:NVDid:CVE-2020-9067

LAST UPDATE DATE
2024-11-23T22:37:24.338000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-21472date:2020-04-05T00:00:00
db:JVNDBid:JVNDB-2020-003595date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202004-061date:2020-04-15T00:00:00
db:NVDid:CVE-2020-9067date:2024-11-21T05:39:57.667

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-21472date:2020-04-05T00:00:00
db:JVNDBid:JVNDB-2020-003595date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202004-061date:2020-04-01T00:00:00
db:NVDid:CVE-2020-9067date:2020-04-02T21:15:13.927