cnvd-2020-36735
Vulnerability from cnvd
Title: 多款Huawei产品越界读取漏洞(CNVD-2020-36735)
Description:
Huawei AP2000等都是中国华为(Huawei)公司的产品。Huawei AP2000是一款无线接入点设备。Huawei IPS Module是一款入侵防御系统(IPS)模块。NGFW Module是一款下一代防火墙(NGFW)模块。
多款Huawei产品中存在越界读取漏洞,该漏洞源于程序未能对消息进行充分的校验,攻击者可通过从内部网口发送伪造的消息或篡改进程间消息来利用该漏洞导致受影响的单板异常。
Severity: 中
Patch Name: 多款Huawei产品越界读取漏洞(CNVD-2020-36735)的补丁
Patch Description:
Huawei AP2000等都是中国华为(Huawei)公司的产品。Huawei AP2000是一款无线接入点设备。Huawei IPS Module是一款入侵防御系统(IPS)模块。NGFW Module是一款下一代防火墙(NGFW)模块。
多款Huawei产品中存在越界读取漏洞,该漏洞源于程序未能对消息进行充分的校验,攻击者可通过从内部网口发送伪造的消息或篡改进程间消息来利用该漏洞导致受影响的单板异常。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191211-01-ssp-cn
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5254
Impacted products
| Name | ['Huawei Secospace AntiDDoS8000 V500R001C00', 'Huawei S5700 V200R005C03', 'Huawei NIP6300 V500R001C20SPC200', 'Huawei NIP6600 V500R001C20SPC200', 'Huawei IPS Module V100R001C30', 'Huawei IPS Module V500R001C20', 'Huawei IPS Module V500R001C50', 'Huawei NGFW Module V500R001C20', 'Huawei NGFW Module V500R002C00', 'Huawei NGFW Module V500R002C10', 'Huawei NIP6300 V500R001C20', 'Huawei NIP6300 V500R001C30', 'Huawei NIP6300 V500R001C50', 'Huawei NIP6600 V500R001C20', 'Huawei NIP6600 V500R001C30', 'Huawei NIP6600 V500R001C50', 'Huawei NIP6800 V500R001C50', 'Huawei Secospace AntiDDoS8000 V500R001C20SPC500', 'Huawei IPS Module V500R001C00SPC300', 'Huawei IPS Module V500R001C00SPC500', 'Huawei IPS Module V500R001C00SPH303', 'Huawei IPS Module V500R001C00SPH508', 'Huawei IPS Module V500R001C20SPC100', 'Huawei IPS Module V500R001C20SPC100PWE', 'Huawei IPS Module V500R001C20SPC200', 'Huawei IPS Module V500R001C20SPC200B062', 'Huawei IPS Module V500R001C20SPC200PWE', 'Huawei IPS Module V500R001C20SPC300B078', 'Huawei IPS Module V500R001C20SPC300PWE', 'Huawei NGFW Module V500R001C00SPC300', 'Huawei NGFW Module V500R001C00SPC500', 'Huawei NGFW Module V500R001C00SPC500PWE', 'Huawei NGFW Module V500R001C00SPH303', 'Huawei NGFW Module V500R001C00SPH508', 'Huawei NGFW Module V500R001C20SPC100', 'Huawei NGFW Module V500R001C20SPC100PWE', 'Huawei NGFW Module V500R001C20SPC200', 'Huawei NGFW Module V500R001C20SPC200B062', 'Huawei NGFW Module V500R001C20SPC200PWE', 'Huawei NGFW Module V500R001C20SPC300B078', 'Huawei NGFW Module V500R001C20SPC300PWE', 'Huawei NIP6300 V500R001C20SPC100', 'Huawei NIP6300 V500R001C20SPC100PWE', 'Huawei NIP6300 V500R001C20SPC200B062', 'Huawei NIP6300 V500R001C20SPC200PWE', 'Huawei NIP6300 V500R001C20SPC300B078,V500R001C20SPC300PWE', 'Huawei NIP6300 V500R001C20SPC300B078', 'Huawei NIP6300 V500R001C00SPC300', 'Huawei NIP6300 V500R001C00SPC500', 'Huawei NIP6300 V500R001C00SPH303', 'Huawei NIP6300 V500R001C00SPH508', 'Huawei NIP6600 V500R001C00SPC300', 'Huawei NIP6600 V500R001C00SPC500', 'Huawei NIP6600 V500R001C00SPH303', 'Huawei NIP6600 V500R001C00SPH508', 'Huawei NIP6600 V500R001C20SPC100', 'Huawei NIP6600 V500R001C20SPC100PWE', 'Huawei NIP6600 V500R001C20SPC200B062', 'Huawei NIP6600 V500R001C20SPC200PWE', 'Huawei NIP6600 V500R001C20SPC300B078', 'Huawei Huawei AP2000 V200R005C30', 'Huawei Huawei AP2000 V200R006C10', 'Huawei Huawei AP2000 V200R006C20', 'Huawei Huawei AP2000 V200R007C10', 'Huawei Huawei AP2000 V200R007C20', 'Huawei Huawei AP2000 V200R008C00', 'Huawei Huawei AP2000 V200R008C10', 'Huawei Huawei AP2000 V200R009C00', 'Huawei IPS Module V500R001C30SPC100', 'Huawei IPS Module V500R001C30SPC100PWE', 'Huawei IPS Module V500R001C30SPC200', 'Huawei IPS Module V500R001C30SPC200PWE', 'Huawei IPS Module V500R001C30SPC300', 'Huawei IPS Module V500R001C50PWE', 'Huawei IPS Module V500R001C80', 'Huawei IPS Module V500R005C00', 'Huawei NGFW Module V500R002C00SPC100', 'Huawei NGFW Module V500R002C00SPC100PWE', 'Huawei NGFW Module V500R002C00SPC200', 'Huawei NGFW Module V500R002C00SPC200PWE', 'Huawei NGFW Module V500R002C00SPC300', 'Huawei NGFW Module V500R002C10PWE', 'Huawei NGFW Module V500R002C30', 'Huawei NGFW Module V500R002C30PWE', 'Huawei NGFW Module V500R005C00', 'Huawei NIP6300 V500R001C30SPC100', 'Huawei NIP6300 V500R001C30SPC100PWE', 'Huawei NIP6300 V500R001C30SPC200', 'Huawei NIP6300 V500R001C30SPC200PWE', 'Huawei NIP6300 V500R001C30SPC300', 'Huawei NIP6300 V500R001C50PWE', 'Huawei NIP6300 V500R001C80', 'Huawei NIP6300 V500R005C00', 'Huawei NIP6600 V500R001C30SPC100', 'Huawei NIP6600 V500R001C30SPC100PWE', 'Huawei NIP6600 V500R001C30SPC200', 'Huawei NIP6600 V500R001C30SPC200PWE', 'Huawei NIP6600 V500R001C30SPC300', 'Huawei NIP6600 V500R001C50PWE', 'Huawei NIP6600 V500R001C80', 'Huawei NIP6600 V500R005C00', 'Huawei NIP6800 V500R001C50PWE', 'Huawei NIP6800 V500R001C80', 'Huawei NIP6800 V500R005C00', 'Huawei SVN5600 V200R003C00SPC100', 'Huawei SVN5800 V200R003C00SPC100', 'Huawei SVN5800-C V200R003C00SPC100', 'Huawei SeMG9811 V500R002C20', 'Huawei SeMG9811 V500R002C30', 'Huawei SeMG9811 V500R005C00'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-5254",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5254"
}
},
"description": "Huawei AP2000\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei AP2000\u662f\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u70b9\u8bbe\u5907\u3002Huawei IPS Module\u662f\u4e00\u6b3e\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\uff08IPS\uff09\u6a21\u5757\u3002NGFW Module\u662f\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\uff08NGFW\uff09\u6a21\u5757\u3002\n\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u6d88\u606f\u8fdb\u884c\u5145\u5206\u7684\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4ece\u5185\u90e8\u7f51\u53e3\u53d1\u9001\u4f2a\u9020\u7684\u6d88\u606f\u6216\u7be1\u6539\u8fdb\u7a0b\u95f4\u6d88\u606f\u6765\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u7684\u5355\u677f\u5f02\u5e38\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191211-01-ssp-cn",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-36735",
"openTime": "2020-07-07",
"patchDescription": "Huawei AP2000\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei AP2000\u662f\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u70b9\u8bbe\u5907\u3002Huawei IPS Module\u662f\u4e00\u6b3e\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\uff08IPS\uff09\u6a21\u5757\u3002NGFW Module\u662f\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\uff08NGFW\uff09\u6a21\u5757\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u6d88\u606f\u8fdb\u884c\u5145\u5206\u7684\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4ece\u5185\u90e8\u7f51\u53e3\u53d1\u9001\u4f2a\u9020\u7684\u6d88\u606f\u6216\u7be1\u6539\u8fdb\u7a0b\u95f4\u6d88\u606f\u6765\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u7684\u5355\u677f\u5f02\u5e38\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2020-36735\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Huawei Secospace AntiDDoS8000 V500R001C00",
"Huawei S5700 V200R005C03",
"Huawei NIP6300 V500R001C20SPC200",
"Huawei NIP6600 V500R001C20SPC200",
"Huawei IPS Module V100R001C30",
"Huawei IPS Module V500R001C20",
"Huawei IPS Module V500R001C50",
"Huawei NGFW Module V500R001C20",
"Huawei NGFW Module V500R002C00",
"Huawei NGFW Module V500R002C10",
"Huawei NIP6300 V500R001C20",
"Huawei NIP6300 V500R001C30",
"Huawei NIP6300 V500R001C50",
"Huawei NIP6600 V500R001C20",
"Huawei NIP6600 V500R001C30",
"Huawei NIP6600 V500R001C50",
"Huawei NIP6800 V500R001C50",
"Huawei Secospace AntiDDoS8000 V500R001C20SPC500",
"Huawei IPS Module V500R001C00SPC300",
"Huawei IPS Module V500R001C00SPC500",
"Huawei IPS Module V500R001C00SPH303",
"Huawei IPS Module V500R001C00SPH508",
"Huawei IPS Module V500R001C20SPC100",
"Huawei IPS Module V500R001C20SPC100PWE",
"Huawei IPS Module V500R001C20SPC200",
"Huawei IPS Module V500R001C20SPC200B062",
"Huawei IPS Module V500R001C20SPC200PWE",
"Huawei IPS Module V500R001C20SPC300B078",
"Huawei IPS Module V500R001C20SPC300PWE",
"Huawei NGFW Module V500R001C00SPC300",
"Huawei NGFW Module V500R001C00SPC500",
"Huawei NGFW Module V500R001C00SPC500PWE",
"Huawei NGFW Module V500R001C00SPH303",
"Huawei NGFW Module V500R001C00SPH508",
"Huawei NGFW Module V500R001C20SPC100",
"Huawei NGFW Module V500R001C20SPC100PWE",
"Huawei NGFW Module V500R001C20SPC200",
"Huawei NGFW Module V500R001C20SPC200B062",
"Huawei NGFW Module V500R001C20SPC200PWE",
"Huawei NGFW Module V500R001C20SPC300B078",
"Huawei NGFW Module V500R001C20SPC300PWE",
"Huawei NIP6300 V500R001C20SPC100",
"Huawei NIP6300 V500R001C20SPC100PWE",
"Huawei NIP6300 V500R001C20SPC200B062",
"Huawei NIP6300 V500R001C20SPC200PWE",
"Huawei NIP6300 V500R001C20SPC300B078\uff0cV500R001C20SPC300PWE",
"Huawei NIP6300 V500R001C20SPC300B078",
"Huawei NIP6300 V500R001C00SPC300",
"Huawei NIP6300 V500R001C00SPC500",
"Huawei NIP6300 V500R001C00SPH303",
"Huawei NIP6300 V500R001C00SPH508",
"Huawei NIP6600 V500R001C00SPC300",
"Huawei NIP6600 V500R001C00SPC500",
"Huawei NIP6600 V500R001C00SPH303",
"Huawei NIP6600 V500R001C00SPH508",
"Huawei NIP6600 V500R001C20SPC100",
"Huawei NIP6600 V500R001C20SPC100PWE",
"Huawei NIP6600 V500R001C20SPC200B062",
"Huawei NIP6600 V500R001C20SPC200PWE",
"Huawei NIP6600 V500R001C20SPC300B078",
"Huawei Huawei AP2000 V200R005C30",
"Huawei Huawei AP2000 V200R006C10",
"Huawei Huawei AP2000 V200R006C20",
"Huawei Huawei AP2000 V200R007C10",
"Huawei Huawei AP2000 V200R007C20",
"Huawei Huawei AP2000 V200R008C00",
"Huawei Huawei AP2000 V200R008C10",
"Huawei Huawei AP2000 V200R009C00",
"Huawei IPS Module V500R001C30SPC100",
"Huawei IPS Module V500R001C30SPC100PWE",
"Huawei IPS Module V500R001C30SPC200",
"Huawei IPS Module V500R001C30SPC200PWE",
"Huawei IPS Module V500R001C30SPC300",
"Huawei IPS Module V500R001C50PWE",
"Huawei IPS Module V500R001C80",
"Huawei IPS Module V500R005C00",
"Huawei NGFW Module V500R002C00SPC100",
"Huawei NGFW Module V500R002C00SPC100PWE",
"Huawei NGFW Module V500R002C00SPC200",
"Huawei NGFW Module V500R002C00SPC200PWE",
"Huawei NGFW Module V500R002C00SPC300",
"Huawei NGFW Module V500R002C10PWE",
"Huawei NGFW Module V500R002C30",
"Huawei NGFW Module V500R002C30PWE",
"Huawei NGFW Module V500R005C00",
"Huawei NIP6300 V500R001C30SPC100",
"Huawei NIP6300 V500R001C30SPC100PWE",
"Huawei NIP6300 V500R001C30SPC200",
"Huawei NIP6300 V500R001C30SPC200PWE",
"Huawei NIP6300 V500R001C30SPC300",
"Huawei NIP6300 V500R001C50PWE",
"Huawei NIP6300 V500R001C80",
"Huawei NIP6300 V500R005C00",
"Huawei NIP6600 V500R001C30SPC100",
"Huawei NIP6600 V500R001C30SPC100PWE",
"Huawei NIP6600 V500R001C30SPC200",
"Huawei NIP6600 V500R001C30SPC200PWE",
"Huawei NIP6600 V500R001C30SPC300",
"Huawei NIP6600 V500R001C50PWE",
"Huawei NIP6600 V500R001C80",
"Huawei NIP6600 V500R005C00",
"Huawei NIP6800 V500R001C50PWE",
"Huawei NIP6800 V500R001C80",
"Huawei NIP6800 V500R005C00",
"Huawei SVN5600 V200R003C00SPC100",
"Huawei SVN5800 V200R003C00SPC100",
"Huawei SVN5800-C V200R003C00SPC100",
"Huawei SeMG9811 V500R002C20",
"Huawei SeMG9811 V500R002C30",
"Huawei SeMG9811 V500R005C00"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5254",
"serverity": "\u4e2d",
"submitTime": "2019-12-18",
"title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2020-36735\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…