Sign-up

ID

VAR-202001-1006


CVE

CVE-2020-1871


TITLE

USG9500 Vulnerable to insufficient protection of credentials

Trust: 0.8

sources: JVNDB: JVNDB-2020-001009

DESCRIPTION

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity. USG9500 Contains a vulnerability related to insufficient protection of credentials.Information may be obtained and information may be altered

Trust: 1.62

sources: NVD: CVE-2020-1871 // JVNDB: JVNDB-2020-001009

AFFECTED PRODUCTS

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc600

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60spc500

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc200

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00spc100

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00spc200

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc100

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:500r001c30spc100

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion:500r001c30spc200

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion:500r001c30spc600

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion:500r001c60spc500

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion:500r005c00spc100

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion:500r005c00spc200

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2020-001009 // CNNVD: CNNVD-202001-039 // NVD: CVE-2020-1871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1871
value: HIGH

Trust: 1.0

NVD: CVE-2020-1871
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-039
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1871
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-1871
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-1871
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-001009 // CNNVD: CNNVD-202001-039 // NVD: CVE-2020-1871

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2020-001009 // NVD: CVE-2020-1871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-039

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-039

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001009

PATCH
title:huawei-sa-20200102-01-credentialurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en
Trust: 0.8
title:Huawei USG9500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106565
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001009 // 
            
            
            
            CNNVD: CNNVD-202001-039

EXTERNAL IDS
db:NVDid:CVE-2020-1871
Trust: 2.4
db:JVNDBid:JVNDB-2020-001009
Trust: 0.8
db:CNNVDid:CNNVD-202001-039
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001009 // 
            
            
            
            CNNVD: CNNVD-202001-039 // 
            
            
            
            NVD: CVE-2020-1871

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1871
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1871
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-01-credential-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001009 // 
            
            
            
            CNNVD: CNNVD-202001-039 // 
            
            
            
            NVD: CVE-2020-1871

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202001-039

SOURCES
db:JVNDBid:JVNDB-2020-001009
db:CNNVDid:CNNVD-202001-039
db:NVDid:CVE-2020-1871

LAST UPDATE DATE
2024-11-23T22:44:45.206000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-001009date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-039date:2020-02-12T00:00:00
db:NVDid:CVE-2020-1871date:2024-11-21T05:11:30.927

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-001009date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-039date:2020-01-02T00:00:00
db:NVDid:CVE-2020-1871date:2020-01-03T15:15:12.133