Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1871

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.

Published

2020-01-03T15:15:12.133

Last Modified

2024-11-21T05:11:30.927

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	usg9500_firmware	v500r001c30spc100	Yes
Operating System	huawei	usg9500_firmware	v500r001c30spc200	Yes
Operating System	huawei	usg9500_firmware	v500r001c30spc600	Yes
Operating System	huawei	usg9500_firmware	v500r001c60spc500	Yes
Operating System	huawei	usg9500_firmware	v500r005c00spc100	Yes
Operating System	huawei	usg9500_firmware	v500r005c00spc200	Yes
Hardware	huawei	usg9500	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)