Details of VAR-202002-0615

ID

VAR-202002-0615

CVE

CVE-2020-1856

TITLE

plural Huawei Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-002093

DESCRIPTION

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. plural Huawei The product contains a vulnerability related to information leakage.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-1856 // JVNDB: JVNDB-2020-002093

AFFECTED PRODUCTS

vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c60	Trust: 1.8
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c00	Trust: 1.8
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c60	Trust: 1.8
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c00	Trust: 1.8
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c60	Trust: 1.8
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c00	Trust: 1.8
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c60	Trust: 1.8
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c00	Trust: 1.8
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60	Trust: 1.8
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00	Trust: 1.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60	Trust: 1.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.8

sources: JVNDB: JVNDB-2020-002093 // NVD: CVE-2020-1856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1856
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002093
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202002-412
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-1856
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002093
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-1856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002093
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-002093 // CNNVD: CNNVD-202002-412 // NVD: CVE-2020-1856

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2020-002093 // NVD: CVE-2020-1856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-412

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202002-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002093

PATCH

title:	huawei-sa-20200205-01-firewall	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en	Trust: 0.8
title:	Repair measures for multiple Huawei product information leaks	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110182	Trust: 0.6

sources: JVNDB: JVNDB-2020-002093 // CNNVD: CNNVD-202002-412

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1856	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-002093	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-412	Trust: 0.6

sources: JVNDB: JVNDB-2020-002093 // CNNVD: CNNVD-202002-412 // NVD: CVE-2020-1856

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1856	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1856	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200205-01-firewall-cn	Trust: 0.6

sources: JVNDB: JVNDB-2020-002093 // CNNVD: CNNVD-202002-412 // NVD: CVE-2020-1856

SOURCES

db:	JVNDB	id:	JVNDB-2020-002093
db:	CNNVD	id:	CNNVD-202002-412
db:	NVD	id:	CVE-2020-1856

LAST UPDATE DATE

2024-11-23T22:48:08.726000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-002093	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-412	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-1856	date:	2024-11-21T05:11:29.587

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-002093	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-412	date:	2020-02-05T00:00:00
db:	NVD	id:	CVE-2020-1856	date:	2020-02-17T21:15:13.117