Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1860

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.

Published

2020-02-28T19:15:11.437

Last Modified

2024-11-21T05:11:29.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	nip6800_firmware	v500r001c30	Yes
Operating System	huawei	nip6800_firmware	v500r001c60	Yes
Operating System	huawei	nip6800_firmware	v500r005c00	Yes
Hardware	huawei	nip6800	-	No
Operating System	huawei	secospace_usg6600_firmware	v500r001c30	Yes
Operating System	huawei	secospace_usg6600_firmware	v500r001c60	Yes
Operating System	huawei	secospace_usg6600_firmware	v500r005c00	Yes
Hardware	huawei	secospace_usg6600	-	No
Operating System	huawei	usg9500_firmware	v500r001c30	Yes
Operating System	huawei	usg9500_firmware	v500r001c60	Yes
Operating System	huawei	usg9500_firmware	v500r005c00	Yes
Hardware	huawei	usg9500	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)