CVE-2020-9067 (GCVE-0-2020-9067)

Vulnerability from cvelistv5 – Published: 2020-04-02 20:31 – Updated: 2024-08-04 10:19
VLAI
Summary
There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.
CWE
  • Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
n/a SmartAX MA5600T Affected: V800R013C10
Affected: V800R015C00
Affected: V800R015C10
Affected: V800R017C00
Affected: V800R017C10
Affected: V800R018C00
Affected: V800R018C10
n/a SmartAX MA5800 Affected: V100R017C00
Affected: V100R017C10
Affected: V100R018C00
Affected: V100R018C10
Affected: V100R019C10
n/a SmartAX EA5800 Affected: V100R018C00
Affected: V100R018C10
Affected: V100R019C10
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:19:19.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SmartAX MA5600T",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V800R013C10"
            },
            {
              "status": "affected",
              "version": "V800R015C00"
            },
            {
              "status": "affected",
              "version": "V800R015C10"
            },
            {
              "status": "affected",
              "version": "V800R017C00"
            },
            {
              "status": "affected",
              "version": "V800R017C10"
            },
            {
              "status": "affected",
              "version": "V800R018C00"
            },
            {
              "status": "affected",
              "version": "V800R018C10"
            }
          ]
        },
        {
          "product": "SmartAX MA5800",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V100R017C00"
            },
            {
              "status": "affected",
              "version": "V100R017C10"
            },
            {
              "status": "affected",
              "version": "V100R018C00"
            },
            {
              "status": "affected",
              "version": "V100R018C10"
            },
            {
              "status": "affected",
              "version": "V100R019C10"
            }
          ]
        },
        {
          "product": "SmartAX EA5800",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V100R018C00"
            },
            {
              "status": "affected",
              "version": "V100R018C10"
            },
            {
              "status": "affected",
              "version": "V100R019C10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-02T20:31:37.000Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-9067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SmartAX MA5600T",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V800R013C10"
                          },
                          {
                            "version_value": "V800R015C00"
                          },
                          {
                            "version_value": "V800R015C10"
                          },
                          {
                            "version_value": "V800R017C00"
                          },
                          {
                            "version_value": "V800R017C10"
                          },
                          {
                            "version_value": "V800R018C00"
                          },
                          {
                            "version_value": "V800R018C10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SmartAX MA5800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V100R017C00"
                          },
                          {
                            "version_value": "V100R017C10"
                          },
                          {
                            "version_value": "V100R018C00"
                          },
                          {
                            "version_value": "V100R018C10"
                          },
                          {
                            "version_value": "V100R019C10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SmartAX EA5800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V100R018C00"
                          },
                          {
                            "version_value": "V100R018C10"
                          },
                          {
                            "version_value": "V100R019C10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en",
              "refsource": "CONFIRM",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-9067",
    "datePublished": "2020-04-02T20:31:37.000Z",
    "dateReserved": "2020-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:19:19.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-9067",
      "date": "2026-07-01",
      "epss": "0.00617",
      "percentile": "0.45136"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9067\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2020-04-02T21:15:13.927\",\"lastModified\":\"2024-11-21T05:39:57.667\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en algunos productos Huawei. Un atacante puede explotar la vulnerabilidad para llevar a cabo una ejecuci\u00f3n de c\u00f3digo remota en los productos afectados cuando el producto afectado funciona como un terminal de l\u00ednea \u00f3ptica (OLT). Las versiones de productos afectados incluyen: SmartAX MA5600T versiones V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versiones V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versiones V100R018C00, V100R018C10, V100R019C10.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":5.2,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r013c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A164C700-0C00-4536-9DC7-28212B3A578D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE95BA25-1998-422B-AC3D-8EF1A60C8564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DC8A216-F784-4038-8A8E-2118D81ABD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBEE3413-8909-48D1-94AA-6EBAAA40CEE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E713F2DA-18E2-4CAF-8972-DF742627BBB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0608D68B-B4A6-4B83-B6ED-8A892AA38605\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC87D54-20D5-49C7-8698-297617ECA6D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:smartax_ma5600t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14106F76-4E6B-4377-ACFC-FDE6C3DB8FA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BD802F-5A10-42A4-AE67-F28A70DA1468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9248DC4A-07C7-446F-A95D-C4CEC1BFA7A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D08191BA-E7E6-402F-8653-70A9044607D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B653563E-34ED-49E1-B79C-2074BA426BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r019c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FF7926F-0868-41A9-BFB9-25A65982D06F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:smartax_ma5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E647FBD-CD79-442B-AAC5-64A2419BBD76\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"019082B0-5A44-4655-91CC-C4C945CEE9B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92096DD2-2E6D-4344-ABEF-E32360C9FE92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r019c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEEB7EF9-0C90-4499-BE9D-2C649FA12572\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:smartax_ea5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7598F036-E6B9-4552-B79F-800417F94CFD\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…