Login Sign Up

CVE-2020-1863

7.5 HIGH
Denial of Service

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Huawei USG6000V firewall software due to a logical flaw in JSON parsing. Remote, unauthenticated attackers can exploit this vulnerability to cause denial of service by disrupting affected products. Organizations running specific versions of Huawei USG6000V firewalls are affected.

💻 Affected Systems

Products:
  • Huawei USG6000V
Versions: V500R001C20SPC300, V500R003C00SPC100, V500R005C00SPC100
Operating Systems: Huawei proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations running affected versions are vulnerable. The vulnerability exists in the JSON parsing routine.

📦 What is this software?

Usg6000v Firmware by Huawei

View all CVEs affecting Usg6000v Firmware →

Usg6000v Firmware by Huawei

View all CVEs affecting Usg6000v Firmware →

Usg6000v Firmware by Huawei

View all CVEs affecting Usg6000v Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of the firewall, potentially causing network outages and loss of security monitoring/protection capabilities.

🟠

Likely Case

Denial of service affecting firewall functionality, requiring reboot or manual intervention to restore service.

🟢

If Mitigated

Minimal impact if firewalls are behind additional security layers or have restricted access, though service disruption risk remains.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious JSON payloads to trigger the out-of-bounds read condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security advisory for specific patched versions

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en

Restart Required: Yes

Instructions:

1. Review Huawei security advisory SA-20200311-01. 2. Download appropriate patch from Huawei support portal. 3. Apply patch following Huawei's upgrade procedures. 4. Reboot device as required.

🔧 Temporary Workarounds

Restrict network access

all

Limit access to firewall management interfaces to trusted networks only

Implement network segmentation

all

Place firewalls behind additional security layers to limit exposure

🧯 If You Can't Patch

  • Isolate affected firewalls from untrusted networks
  • Implement strict network access controls and monitor for anomalous JSON traffic

🔍 How to Verify

Check if Vulnerable:

Check firewall version via web interface or CLI: display version

Check Version:

display version

Verify Fix Applied:

Verify version after patch application and confirm no service disruptions from test JSON payloads

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firewall restarts
  • JSON parsing errors in system logs
  • Service disruption alerts

Network Indicators:

  • Malformed JSON traffic to firewall management interfaces
  • Unusual traffic patterns to firewall

SIEM Query:

firewall_service_disruption OR json_parsing_error OR usg6000v_restart

📊 Metadata

CVE ID: CVE-2020-1863
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-125
Published: March 12, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-1863, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)