Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1842

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege.

Published

2020-02-18T04:15:14.507

Last Modified

2024-11-21T05:11:28.567

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	hege-560_firmware	1.0.1.20\(sp2\)	Yes
Hardware	huawei	hege-560	-	No
Operating System	huawei	osca-550_firmware	1.0.0.71\(sp1\)	Yes
Hardware	huawei	osca-550	-	No
Operating System	huawei	osca-550a_firmware	1.0.0.71\(sp1\)	Yes
Hardware	huawei	osca-550a	-	No
Operating System	huawei	osca-550ax_firmware	1.0.0.71\(sp2\)	Yes
Hardware	huawei	osca-550ax	-	No
Operating System	huawei	osca-550x_firmware	1.0.0.71\(sp2\)	Yes
Hardware	huawei	osca-550x	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)