CNVD-2020-21472
Vulnerability from cnvd - Published: 2020-04-05
VLAI
Title
Huawei SmartAX MA5600T、SmartAX MA5800和SmartAX EA5800缓冲区溢出漏洞
Description
Huawei SmartAX MA5600T是光铜一体化接入产品,提供大容量、高速率和高带宽的数据、语音和视频业务接入。SmartAX EA5800多业务接入设备是面向企业客户的分布式架构的智能汇聚OLT 平台,定位为面向NG-PON的下一代OLT。
Huawei SmartAX MA5600T、SmartAX MA5800和SmartAX EA5800中存在缓冲区溢出漏洞。远程攻击者可利用该漏洞执行代码。
Severity
中
Patch Name
Huawei SmartAX MA5600T、SmartAX MA5800和SmartAX EA5800缓冲区溢出漏洞的补丁
Patch Description
Huawei SmartAX MA5600T是光铜一体化接入产品,提供大容量、高速率和高带宽的数据、语音和视频业务接入。SmartAX EA5800多业务接入设备是面向企业客户的分布式架构的智能汇聚OLT 平台,定位为面向NG-PON的下一代OLT。
Huawei SmartAX MA5600T、SmartAX MA5800和SmartAX EA5800中存在缓冲区溢出漏洞。远程攻击者可利用该漏洞执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200401-01-overflow-cn
Reference
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200401-01-overflow-cn
Impacted products
| Name | ['Huawei SmartAX MA5600T V800R013C10', 'Huawei SmartAX MA5600T V800R015C00', 'Huawei SmartAX MA5600T V800R015C10', 'Huawei SmartAX MA5600T V800R017C00', 'Huawei SmartAX MA5600T V800R017C10', 'Huawei SmartAX MA5600T V800R018C00', 'Huawei SmartAX MA5600T V800R018C10', 'Huawei SmartAX MA5800 V100R017C00', 'Huawei SmartAX MA5800 V100R017C10', 'Huawei SmartAX MA5800 V100R018C00', 'Huawei SmartAX MA5800 V100R018C10', 'Huawei SmartAX MA5800 V100R019C10', 'Huawei SmartAX EA5800 V100R018C00', 'Huawei SmartAX EA5800 V100R018C10', 'Huawei SmartAX EA5800 V100R019C10'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-9067"
}
},
"description": "Huawei SmartAX MA5600T\u662f\u5149\u94dc\u4e00\u4f53\u5316\u63a5\u5165\u4ea7\u54c1\uff0c\u63d0\u4f9b\u5927\u5bb9\u91cf\u3001\u9ad8\u901f\u7387\u548c\u9ad8\u5e26\u5bbd\u7684\u6570\u636e\u3001\u8bed\u97f3\u548c\u89c6\u9891\u4e1a\u52a1\u63a5\u5165\u3002SmartAX EA5800\u591a\u4e1a\u52a1\u63a5\u5165\u8bbe\u5907\u662f\u9762\u5411\u4f01\u4e1a\u5ba2\u6237\u7684\u5206\u5e03\u5f0f\u67b6\u6784\u7684\u667a\u80fd\u6c47\u805aOLT \u5e73\u53f0\uff0c\u5b9a\u4f4d\u4e3a\u9762\u5411NG-PON\u7684\u4e0b\u4e00\u4ee3OLT\u3002\n\nHuawei SmartAX MA5600T\u3001SmartAX MA5800\u548cSmartAX EA5800\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200401-01-overflow-cn",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-21472",
"openTime": "2020-04-05",
"patchDescription": "Huawei SmartAX MA5600T\u662f\u5149\u94dc\u4e00\u4f53\u5316\u63a5\u5165\u4ea7\u54c1\uff0c\u63d0\u4f9b\u5927\u5bb9\u91cf\u3001\u9ad8\u901f\u7387\u548c\u9ad8\u5e26\u5bbd\u7684\u6570\u636e\u3001\u8bed\u97f3\u548c\u89c6\u9891\u4e1a\u52a1\u63a5\u5165\u3002SmartAX EA5800\u591a\u4e1a\u52a1\u63a5\u5165\u8bbe\u5907\u662f\u9762\u5411\u4f01\u4e1a\u5ba2\u6237\u7684\u5206\u5e03\u5f0f\u67b6\u6784\u7684\u667a\u80fd\u6c47\u805aOLT \u5e73\u53f0\uff0c\u5b9a\u4f4d\u4e3a\u9762\u5411NG-PON\u7684\u4e0b\u4e00\u4ee3OLT\u3002\r\n\r\nHuawei SmartAX MA5600T\u3001SmartAX MA5800\u548cSmartAX EA5800\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Huawei SmartAX MA5600T\u3001SmartAX MA5800\u548cSmartAX EA5800\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Huawei SmartAX MA5600T V800R013C10",
"Huawei SmartAX MA5600T V800R015C00",
"Huawei SmartAX MA5600T V800R015C10",
"Huawei SmartAX MA5600T V800R017C00",
"Huawei SmartAX MA5600T V800R017C10",
"Huawei SmartAX MA5600T V800R018C00",
"Huawei SmartAX MA5600T V800R018C10",
"Huawei SmartAX MA5800 V100R017C00",
"Huawei SmartAX MA5800 V100R017C10",
"Huawei SmartAX MA5800 V100R018C00",
"Huawei SmartAX MA5800 V100R018C10",
"Huawei SmartAX MA5800 V100R019C10",
"Huawei SmartAX EA5800 V100R018C00",
"Huawei SmartAX EA5800 V100R018C10",
"Huawei SmartAX EA5800 V100R019C10"
]
},
"referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200401-01-overflow-cn",
"serverity": "\u4e2d",
"submitTime": "2020-04-03",
"title": "Huawei SmartAX MA5600T\u3001SmartAX MA5800\u548cSmartAX EA5800\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…