Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1864

Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00.

Published

2020-03-20T15:15:14.247

Last Modified

2024-11-21T05:11:30.427

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	secospace_antiddos8000_firmware	v500r001c00	Yes
Operating System	huawei	secospace_antiddos8000_firmware	v500r001c20	Yes
Operating System	huawei	secospace_antiddos8000_firmware	v500r001c60	Yes
Operating System	huawei	secospace_antiddos8000_firmware	v500r005c00	Yes
Hardware	huawei	secospace_antiddos8000	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authentication-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authentication-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)