Lucene search

Huawei TechnologiesHUAWEI-SA-20201216-01-VRP

HistoryDec 16, 2020 - 12:00 a.m.

Security Advisory - Improper Authentication Vulnerability in Huawei Product

2020-12-1600:00:00

Huawei Technologies

www.huawei.com

huawei

authentication vulnerability

cve-2020-9207

software updates

security advisory

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.0%

JSON

There is an improper authentication vulnerability in Huawei Products. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. (Vulnerability ID: HWPSIRT-2020-77049)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9207.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en>

Affected configurations

Vulners

Node

huaweicloudengine_12800_firmwareMatchv200r019c00spc800

huaweicloudengine_5800_firmwareMatchv200r019c00spc800

huaweicloudengine_6800_firmwareMatchv200r005c20spc800

huaweicloudengine_6800_firmwareMatchv200r019c00spc800

huaweicloudengine_7800_firmwareMatchv200r019c00spc800

VendorProductVersionCPE
huaweicloudengine_12800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_6800_firmwarev200r005c20spc800cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*
huaweicloudengine_6800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_7800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	cloudengine_12800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_5800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_6800_firmware	v200r005c20spc800	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:::::::*
huawei	cloudengine_6800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_7800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:::::::*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.0%

JSON

Related for HUAWEI-SA-20201216-01-VRP