Lucene search

[email protected]CVE-2020-1857

HistoryFeb 17, 2020 - 8:15 p.m.

CVE-2020-1857

2020-02-1720:15:11

[email protected]

web.nvd.nist.gov

huawei

nip6800

secospace

usg6600

usg9500

information leakage

vulnerability

cve-2020-1857

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.

Affected configurations

NVD

Node

huaweinip6800_firmwareMatchv500r001c30

huaweinip6800_firmwareMatchv500r001c60spc500

huaweinip6800_firmwareMatchv500r005c00spc100

AND

huaweinip6800Match-

Node

huaweisecospace_usg6600_firmwareMatchv500r001c30spc200

huaweisecospace_usg6600_firmwareMatchv500r001c30spc600

huaweisecospace_usg6600_firmwareMatchv500r001c60spc500

huaweisecospace_usg6600_firmwareMatchv500r005c00spc100

AND

huaweisecospace_usg6600Match-

Node

huaweiusg9500_firmwareMatchv500r001c30spc200

huaweiusg9500_firmwareMatchv500r001c30spc600

huaweiusg9500_firmwareMatchv500r001c60spc500

huaweiusg9500_firmwareMatchv500r005c00spc100

AND

huaweiusg9500Match-

CPENameOperatorVersion
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r001c30
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r001c60spc500
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r005c00spc100

CPE	Name	Operator	Version
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r001c30
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r001c60spc500
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r005c00spc100

CNA Affected

[
  {
    "product": "NIP6800",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30"
      },
      {
        "status": "affected",
        "version": "V500R001C60SPC500"
      },
      {
        "status": "affected",
        "version": "V500R005C00SPC100"
      }
    ]
  },
  {
    "product": "Secospace USG6600",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30SPC200"
      },
      {
        "status": "affected",
        "version": "V500R001C30SPC600"
      },
      {
        "status": "affected",
        "version": "V500R001C60SPC500"
      },
      {
        "status": "affected",
        "version": "V500R005C00SPC100"
      }
    ]
  },
  {
    "product": "USG9500",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30SPC200"
      },
      {
        "status": "affected",
        "version": "V500R001C30SPC600"
      },
      {
        "status": "affected",
        "version": "V500R001C60SPC500"
      },
      {
        "status": "affected",
        "version": "V500R005C00SPC100"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-leakage-en

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-1857

prion1 nvd1 cvelist1 huawei1