Lucene search

[email protected]CVE-2020-9075

HistoryJun 15, 2020 - 3:15 p.m.

CVE-2020-9075

2020-06-1515:15:09

CWE-20

[email protected]

web.nvd.nist.gov

huawei

secospace

usg6300

v500r001c30

v500r001c50

v500r001c60

v500r001c80

v500r005c00

v500r005c10

v600r006c00

insufficient input verification

cve-2020-9075

vulnerability

information leakage

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.7%

JSON

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.

Affected configurations

NVD

Node

huaweisecospace_usg6300Match-

AND

huaweisecospace_usg6300_firmwareMatchv500r005c00

huaweisecospace_usg6300_firmwareMatchv500r005c10

huaweisecospace_usg6600_firmwareMatchv500r001c30

huaweisecospace_usg6600_firmwareMatchv500r001c50

huaweisecospace_usg6600_firmwareMatchv500r001c60

huaweisecospace_usg6600_firmwareMatchv500r001c80

Node

huaweiusg6300eMatch-

AND

huaweiusg6300e_firmwareMatchv600r006c00

CPENameOperatorVersion
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r005c00
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r005c10
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c30
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c50
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c60
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c80

CPE	Name	Operator	Version
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r005c00
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r005c10
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c30
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c50
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c60
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c80

CNA Affected

[
  {
    "product": "Secospace USG6300;USG6300E",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10"
      },
      {
        "status": "affected",
        "version": "V600R006C00"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-validation-en

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.7%

JSON

Related for CVE-2020-9075

cvelist1 huawei1 prion1 openvas1 nvd1