Sign-up

ID

VAR-202002-0618


CVE

CVE-2020-1860


TITLE

plural Huawei Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002387

DESCRIPTION

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet. NIP6800 , Secospace USG6600 , USG9500 There is an input verification vulnerability in.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2020-1860 // JVNDB: JVNDB-2020-002387

AFFECTED PRODUCTS

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60

Trust: 1.6

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:nip6800scope:eqversion:v500r001c60

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:nip6800scope:eqversion:v500r005c00

Trust: 1.6

vendor:huaweimodel:nip6800scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00

Trust: 1.6

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00

Trust: 1.0

vendor:huaweimodel:nip6800scope: - version: -

Trust: 0.8

vendor:huaweimodel:secospace usg6600scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg9500scope: - version: -

Trust: 0.8

vendor:huaweimodel:nip6800scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:secospace usg6600scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2020-002387 // CNNVD: CNNVD-202002-990 // NVD: CVE-2020-1860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1860
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002387
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-990
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1860
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002387
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1860
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002387
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002387 // CNNVD: CNNVD-202002-990 // NVD: CVE-2020-1860

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-002387 // NVD: CVE-2020-1860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-990

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-990

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002387

PATCH
title:huawei-sa-20200219-02-firewallurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en
Trust: 0.8
title:Multiple Huawei Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111203
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002387 // 
            
            
            
            CNNVD: CNNVD-202002-990

EXTERNAL IDS
db:NVDid:CVE-2020-1860
Trust: 2.4
db:JVNDBid:JVNDB-2020-002387
Trust: 0.8
db:CNNVDid:CNNVD-202002-990
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002387 // 
            
            
            
            CNNVD: CNNVD-202002-990 // 
            
            
            
            NVD: CVE-2020-1860

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1860
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1860
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-02-firewall-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002387 // 
            
            
            
            CNNVD: CNNVD-202002-990 // 
            
            
            
            NVD: CVE-2020-1860

SOURCES
db:JVNDBid:JVNDB-2020-002387
db:CNNVDid:CNNVD-202002-990
db:NVDid:CVE-2020-1860

LAST UPDATE DATE
2024-11-23T22:44:44.146000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002387date:2020-03-13T00:00:00
db:CNNVDid:CNNVD-202002-990date:2020-03-09T00:00:00
db:NVDid:CVE-2020-1860date:2024-11-21T05:11:29.970

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002387date:2020-03-13T00:00:00
db:CNNVDid:CNNVD-202002-990date:2020-02-19T00:00:00
db:NVDid:CVE-2020-1860date:2020-02-28T19:15:11.437