CVE-2020-1860

Published: Feb 28, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.

Affected (9)

Products: Huawei: Nip6800 Firmware, Secospace Usg6600 Firmware, Usg9500 Firmware

Huawei

3 products

Nip6800 Firmware

Secospace Usg6600 Firmware

Usg9500 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nip6800 Firmware	Version v500r001c30
Huawei Nip6800 Firmware	Version v500r001c60
Huawei Nip6800 Firmware	Version v500r005c00

Running on/with	Platform Versions
Huawei Nip6800	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Secospace Usg6600 Firmware	Version v500r001c30
Huawei Secospace Usg6600 Firmware	Version v500r001c60
Huawei Secospace Usg6600 Firmware	Version v500r005c00

Running on/with	Platform Versions
Huawei Secospace Usg6600	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Usg9500 Firmware	Version v500r001c30
Huawei Usg9500 Firmware	Version v500r001c60
Huawei Usg9500 Firmware	Version v500r005c00

Running on/with	Platform Versions
Huawei Usg9500	All versions

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.