CVE-2020-9213

Q: What is the severity of CVE-2020-9213?

CVE-2020-9213 has a CVSS score of 7.5 (HIGH). This CVE describes a denial-of-service vulnerability in specific Huawei network security products, where improper packet handling allows an attacker to craft malicious packets that can disrupt services. Affected systems include various Huawei NGFW, NIP, Secospace USG, and SG9500 devices in certain versions.

7.5 HIGH

Denial of Service

📋 TL;DR

This CVE describes a denial-of-service vulnerability in specific Huawei network security products, where improper packet handling allows an attacker to craft malicious packets that can disrupt services. Affected systems include various Huawei NGFW, NIP, Secospace USG, and SG9500 devices in certain versions.

💻 Affected Systems

Products:

NGFW Module
NIP6300
NIP6600
NIP6800
Secospace USG6300
Secospace USG6500
Secospace USG6600
SG9500

Versions: Specific versions as listed in the Huawei advisory; exact ranges not provided in the CVE description.

Operating Systems: Proprietary Huawei OS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability occurs in specific scenarios related to packet handling; not all configurations may be affected equally.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption or downtime for affected network security products, potentially impacting network availability and security monitoring.

🟠

Likely Case

Degraded performance or temporary service interruptions for specific services on the devices, leading to operational inefficiencies.

🟢

If Mitigated

Minimal impact if patches are applied or network controls block malicious traffic, maintaining normal service functionality.

🌐 Internet-Facing: HIGH, as internet-facing devices are directly exposed to crafted packets from external attackers.

🏢 Internal Only: MEDIUM, as internal attackers or malware could exploit this, but network segmentation may reduce exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW, as it involves crafting specific packets, which may be straightforward for attackers.

Exploitation requires sending crafted packets to vulnerable devices; no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Huawei advisory for specific patched versions.

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en

Restart Required: Yes

Instructions:

1. Check the Huawei advisory for affected versions. 2. Download and apply the recommended patch from Huawei. 3. Restart the device to ensure the patch takes effect. 4. Verify the fix using version checks.

🔧 Temporary Workarounds

Network Traffic Filtering

all

Implement network controls to block or rate-limit suspicious packets targeting the vulnerable devices.

Use firewall rules to filter traffic on relevant ports/protocols.

🧯 If You Can't Patch

Isolate affected devices in a segmented network to limit exposure.
Monitor network traffic for anomalies and implement intrusion detection systems.

🔍 How to Verify

Check if Vulnerable:

Check device version against the list in the Huawei advisory; if it matches affected versions, it is vulnerable.

Check Version:

Use Huawei device CLI commands (e.g., 'display version') to check the current software version.

Verify Fix Applied:

After patching, confirm the device version is updated to a patched version as specified by Huawei.

📡 Detection & Monitoring

Log Indicators:

Unusual packet drops, service errors, or performance degradation logs on the device.

Network Indicators:

Spikes in traffic to the device, especially with crafted packet patterns.

SIEM Query:

Example: 'source_ip sends high volume of packets to device_ip AND device logs service disruption'

📊 Metadata

CVE ID: CVE-2020-9213

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: March 22, 2021

Last Updated: November 21, 2024

🔗 References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ngfw Module Firmware by Huawei

Nip6300 Firmware by Huawei

Nip6300 Firmware by Huawei

Nip6300 Firmware by Huawei

Nip6600 Firmware by Huawei

Nip6600 Firmware by Huawei

Nip6600 Firmware by Huawei

Nip6800 Firmware by Huawei

Nip6800 Firmware by Huawei

Secospace Usg6300 Firmware by Huawei

Secospace Usg6300 Firmware by Huawei

Secospace Usg6300 Firmware by Huawei

Secospace Usg6500 Firmware by Huawei

Secospace Usg6500 Firmware by Huawei

Secospace Usg6500 Firmware by Huawei

Secospace Usg6600 Firmware by Huawei

Secospace Usg6600 Firmware by Huawei

Secospace Usg6600 Firmware by Huawei

Usg9500 Firmware by Huawei

Usg9500 Firmware by Huawei

Usg9500 Firmware by Huawei

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Traffic Filtering

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export