Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1843

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation.

Published

2020-02-18T03:15:11.217

Last Modified

2024-11-21T05:11:28.697

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	hege-560_firmware	1.0.1.20\(sp2\)	Yes
Hardware	huawei	hege-560	-	No
Operating System	huawei	osca-550_firmware	1.0.0.71\(sp1\)	Yes
Hardware	huawei	osca-550	-	No
Operating System	huawei	osca-550a_firmware	1.0.0.71\(sp1\)	Yes
Hardware	huawei	osca-550a	-	No
Operating System	huawei	osca-550ax_firmware	1.0.0.71\(sp2\)	Yes
Hardware	huawei	osca-550ax	-	No
Operating System	huawei	osca-550x_firmware	1.0.0.71\(sp2\)	Yes
Hardware	huawei	osca-550x	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)