CVE-2020-9094

Description

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service.

Affected products

• Huawei / CloudEngine 12800V200R019C00SPC800 – V200R019C00SPC800
• Huawei / CloudEngine 5800V200R019C00SPC800 – V200R019C00SPC800
• Huawei / CloudEngine 6800V200R005C20SPC800 – V200R005C20SPC800
• Huawei / CloudEngine 6800V200R019C00SPC800 – V200R019C00SPC800
• Huawei / CloudEngine 7800V200R019C00SPC800 – V200R019C00SPC800

References

• VENDOR_ADVISORYhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en