Lucene search

Huawei TechnologiesHUAWEI-SA-20200506-02-AUTHENTICATION

HistoryMay 06, 2020 - 12:00 a.m.

Security Advisory - Improper Authentication Vulnerability in Several Huawei Products

2020-05-0600:00:00

Huawei Technologies

www.huawei.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.2%

JSON

Some Huawei products have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. (Vulnerability ID: HWPSIRT-2020-03160)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9099.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en

Affected configurations

Vulners

Node

huaweiips_moduleMatchv500r001c00

huaweiips_moduleMatchv500r001c20

huaweiips_moduleMatchv500r001c30

huaweiips_moduleMatchv500r001c50

huaweiips_moduleMatchv500r001c60

huaweiips_moduleMatchv500r001c80

huaweiips_moduleMatchv500r005c00

huaweiips_moduleMatchv500r005c10

huaweiips_moduleMatchv500r005c20

huaweingfw_moduleMatchv500r001c00

huaweingfw_moduleMatchv500r001c20

huaweingfw_moduleMatchv500r001c30

huaweingfw_moduleMatchv500r001c50

huaweingfw_moduleMatchv500r001c60

huaweingfw_moduleMatchv500r002c00

huaweingfw_moduleMatchv500r002c10

huaweingfw_moduleMatchv500r002c20

huaweingfw_moduleMatchv500r002c30

huaweingfw_moduleMatchv500r005c00

huaweingfw_moduleMatchv500r005c10

huaweingfw_moduleMatchv500r005c20

huaweinip6300Matchv500r001c00

huaweinip6300Matchv500r001c20

huaweinip6300Matchv500r001c30

huaweinip6300Matchv500r001c50

huaweinip6300Matchv500r001c60

huaweinip6300Matchv500r001c80

huaweinip6300Matchv500r005c00

huaweinip6300Matchv500r005c10

huaweinip6300Matchv500r005c20

huaweinip6600Matchv500r001c00

huaweinip6600Matchv500r001c20

huaweinip6600Matchv500r001c30

huaweinip6600Matchv500r001c50

huaweinip6600Matchv500r001c60

huaweinip6600Matchv500r001c80

huaweinip6600Matchv500r005c00

huaweinip6600Matchv500r005c10

huaweinip6600Matchv500r005c20

huaweinip6800Matchv500r001c60

huaweinip6800Matchv500r001c80

huaweinip6800Matchv500r005c00

huaweinip6800Matchv500r005c10

huaweinip6800Matchv500r005c20

huaweisecospace_usg6300Matchv500r001c00

huaweisecospace_usg6300Matchv500r001c20

huaweisecospace_usg6300Matchv500r001c30

huaweisecospace_usg6300Matchv500r001c50

huaweisecospace_usg6300Matchv500r001c60

huaweisecospace_usg6300Matchv500r001c80

huaweisecospace_usg6300Matchv500r005c00

huaweisecospace_usg6300Matchv500r005c10

huaweisecospace_usg6300Matchv500r005c20

huaweisecospace_usg6500Matchv500r001c00

huaweisecospace_usg6500Matchv500r001c20

huaweisecospace_usg6500Matchv500r001c30

huaweisecospace_usg6500Matchv500r001c50

huaweisecospace_usg6500Matchv500r001c60

huaweisecospace_usg6500Matchv500r001c80

huaweisecospace_usg6500Matchv500r005c00

huaweisecospace_usg6500Matchv500r005c10

huaweisecospace_usg6500Matchv500r005c20

huaweisecospace_usg6600Matchv500r001c00

huaweisecospace_usg6600Matchv500r001c20

huaweisecospace_usg6600Matchv500r001c30

huaweisecospace_usg6600Matchv500r001c50

huaweisecospace_usg6600Matchv500r001c60

huaweisecospace_usg6600Matchv500r001c80

huaweisecospace_usg6600Matchv500r005c00

huaweisecospace_usg6600Matchv500r005c10

huaweisecospace_usg6600Matchv500r005c20

huaweiusg9500Matchv500r001c00

huaweiusg9500Matchv500r001c20

huaweiusg9500Matchv500r001c30

huaweiusg9500Matchv500r001c50

huaweiusg9500Matchv500r001c60

huaweiusg9500Matchv500r001c80

huaweiusg9500Matchv500r005c00

huaweiusg9500Matchv500r005c10

huaweiusg9500Matchv500r005c20

huaweiusg6000eMatchv600r007c00

huaweiips6000eMatchv600r007c00

huaweiarMatchv200r007c00

huaweiarMatchv200r009c00

huaweiarMatchv200r010c00

CPENameOperatorVersion
ips moduleeqV500R001C00
ips moduleeqV500R001C20
ips moduleeqV500R001C30
ips moduleeqV500R001C50
ips moduleeqV500R001C60
ips moduleeqV500R001C80
ips moduleeqV500R005C00
ips moduleeqV500R005C10
ips moduleeqV500R005C20
ngfw moduleeqV500R001C00

Name	Operator	Version
ips module	eq	V500R001C00
ips module	eq	V500R001C20
ips module	eq	V500R001C30
ips module	eq	V500R001C50
ips module	eq	V500R001C60
ips module	eq	V500R001C80
ips module	eq	V500R005C00
ips module	eq	V500R005C10
ips module	eq	V500R005C20
ngfw module	eq	V500R001C00

Rows per page:

1-10 of 851

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for HUAWEI-SA-20200506-02-AUTHENTICATION