Lucene search

Huawei TechnologiesHUAWEI-SA-20200205-01-FIREWALL

HistoryFeb 05, 2020 - 12:00 a.m.

Security Advisory - Information leakage Vulnerability in Some Huawei Products

2020-02-0500:00:00

Huawei Technologies

www.huawei.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.8%

JSON

There is an information leakage vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. (Vulnerability ID: HWPSIRT-2019-11212)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1856.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en

Affected configurations

Vulners

Node

huaweingfw_module_firmwareMatchv500r001c30

huaweingfw_module_firmwareMatchv500r001c60

huaweingfw_module_firmwareMatchv500r005c00

huaweinip6300_firmwareMatchv500r001c30

huaweinip6300_firmwareMatchv500r001c60

huaweinip6300_firmwareMatchv500r005c00

huaweinip6600_firmwareMatchv500r001c30

huaweinip6600_firmwareMatchv500r001c60

huaweinip6600_firmwareMatchv500r005c00

huaweisecospace_usg6500_firmwareMatchv500r001c30

huaweisecospace_usg6500_firmwareMatchv500r001c60

huaweisecospace_usg6500_firmwareMatchv500r005c00

huaweisecospace_usg6600_firmwareMatchv500r001c30

huaweisecospace_usg6600_firmwareMatchv500r001c60

huaweisecospace_usg6600_firmwareMatchv500r005c00

huaweiusg9500_firmwareMatchv500r001c30

huaweiusg9500_firmwareMatchv500r001c60

huaweiusg9500_firmwareMatchv500r005c00

VendorProductVersionCPE
huaweingfw_module_firmwarev500r001c30cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c30:*:*:*:*:*:*:*
huaweingfw_module_firmwarev500r001c60cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c60:*:*:*:*:*:*:*
huaweingfw_module_firmwarev500r005c00cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*
huaweinip6300_firmwarev500r001c30cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
huaweinip6300_firmwarev500r001c60cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
huaweinip6300_firmwarev500r005c00cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*
huaweinip6600_firmwarev500r001c30cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
huaweinip6600_firmwarev500r001c60cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*
huaweinip6600_firmwarev500r005c00cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*
huaweisecospace_usg6500_firmwarev500r001c30cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	ngfw_module_firmware	v500r001c30	cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c30:::::::*
huawei	ngfw_module_firmware	v500r001c60	cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c60:::::::*
huawei	ngfw_module_firmware	v500r005c00	cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:::::::*
huawei	nip6300_firmware	v500r001c30	cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:::::::*
huawei	nip6300_firmware	v500r001c60	cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:::::::*
huawei	nip6300_firmware	v500r005c00	cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:::::::*
huawei	nip6600_firmware	v500r001c30	cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:::::::*
huawei	nip6600_firmware	v500r001c60	cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:::::::*
huawei	nip6600_firmware	v500r005c00	cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:::::::*
huawei	secospace_usg6500_firmware	v500r001c30	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:::::::*

Rows per page:

1-10 of 181

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.8%

JSON

Related for HUAWEI-SA-20200205-01-FIREWALL