Sign-up

ID

VAR-202001-0905


CVE

CVE-2020-1810


TITLE

plural Huawei Vulnerability in using cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-001325

DESCRIPTION

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. plural Huawei The product contains a vulnerability regarding the use of cryptographic algorithms.Information may be obtained. Huawei CloudEngine 12800 and other products are products of China's Huawei. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei S5700 is an enterprise-class switch product. Huawei S6700 is an enterprise-class switch product. A security vulnerability exists in Huawei CloudEngine 12800, S5700, and S6700

Trust: 2.16

sources: NVD: CVE-2020-1810 // JVNDB: JVNDB-2020-001325 // CNVD: CNVD-2020-02175

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02175

AFFECTED PRODUCTS

vendor:huaweimodel:s5700scope:eqversion:v200r007c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00spc300

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r005c03

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00spc100

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00spc100

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00spc500

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r005c01

Trust: 1.6

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c10spc100

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c00spc300

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10spc100

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r006c00

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10hp0001

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v200r002c01

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c00spc200

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v200r002c10

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v200r002c20

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c00spc600

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00spc500

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v200r005c10

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10spc200

Trust: 1.0

vendor:huaweimodel:cloudengine 12800scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r001c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c10scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:cloudengine v200r002c10scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r002c20scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:cloudengine v200r002c01scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r003c00spc600scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r003c10spc100scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c00spc200scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c00spc300scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10hp0001scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10spc100scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10spc200scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:s6700scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:s5700scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-02175 // JVNDB: JVNDB-2020-001325 // CNNVD: CNNVD-202001-275 // NVD: CVE-2020-1810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1810
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1810
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02175
value: LOW

Trust: 0.6

CNNVD: CNNVD-202001-275
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1810
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02175
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1810
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-1810
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02175 // JVNDB: JVNDB-2020-001325 // CNNVD: CNNVD-202001-275 // NVD: CVE-2020-1810

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2020-001325 // NVD: CVE-2020-1810

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-275

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001325

PATCH
title:huawei-sa-20200108-01-rsaurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en
Trust: 0.8
title:Patch for Huawei CloudEngine 12800, S5700, and S6700 Weak Algorithm Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/197019
Trust: 0.6
title:Huawei CloudEngine 12800 , S5700  and S6700 Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108373
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02175 // 
            
            
            
            JVNDB: JVNDB-2020-001325 // 
            
            
            
            CNNVD: CNNVD-202001-275

EXTERNAL IDS
db:NVDid:CVE-2020-1810
Trust: 3.0
db:JVNDBid:JVNDB-2020-001325
Trust: 0.8
db:CNVDid:CNVD-2020-02175
Trust: 0.6
db:CNNVDid:CNNVD-202001-275
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02175 // 
            
            
            
            JVNDB: JVNDB-2020-001325 // 
            
            
            
            CNNVD: CNNVD-202001-275 // 
            
            
            
            NVD: CVE-2020-1810

REFERENCES
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn
Trust: 1.2
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1810
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1810
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-02175 // 
            
            
            
            JVNDB: JVNDB-2020-001325 // 
            
            
            
            CNNVD: CNNVD-202001-275 // 
            
            
            
            NVD: CVE-2020-1810

SOURCES
db:CNVDid:CNVD-2020-02175
db:JVNDBid:JVNDB-2020-001325
db:CNNVDid:CNNVD-202001-275
db:NVDid:CVE-2020-1810

LAST UPDATE DATE
2024-11-23T23:11:35.452000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02175date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001325date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-275date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1810date:2024-11-21T05:11:25.460

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-02175date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001325date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-275date:2020-01-08T00:00:00
db:NVDid:CVE-2020-1810date:2020-01-09T18:15:10.593