Details of VAR-202002-0619

ID

VAR-202002-0619

CVE

CVE-2020-1861

TITLE

Huawei CloudEngine 12800 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14318 // CNNVD: CNNVD-202002-994

DESCRIPTION

CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. Huawei CloudEngine 12800 is a 12800 series data center switch from Huawei of China. An information disclosure vulnerability exists in Huawei CloudEngine 12800, which originates from improper processing of data

Trust: 2.16

sources: NVD: CVE-2020-1861 // JVNDB: JVNDB-2020-002388 // CNVD: CNVD-2020-14318

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-14318

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r001c00spc700	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c50spc800pwe	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r003c00spc810	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r001c00spc600	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c50spc800	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c01	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r003c00spc810pwe	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc800	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc600	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc800pwe	Trust: 1.6
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c10	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c10spc300	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine v200r005c10	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r001c00spc600	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r001c00spc700	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c01	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800pwe	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810pwe	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc600	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800pwe	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc300	scope:	eq	version:	12800	Trust: 0.6

sources: CNVD: CNVD-2020-14318 // JVNDB: JVNDB-2020-002388 // CNNVD: CNNVD-202002-994 // NVD: CVE-2020-1861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1861
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002388
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-14318
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-994
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1861
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002388
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-14318
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1861
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002388
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-14318 // JVNDB: JVNDB-2020-002388 // CNNVD: CNNVD-202002-994 // NVD: CVE-2020-1861

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2020-002388 // NVD: CVE-2020-1861

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-994

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202002-994

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002388

PATCH

title:	huawei-sa-20200219-01-leak	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-leak-en	Trust: 0.8
title:	Patch for Huawei CloudEngine 12800 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/205655	Trust: 0.6
title:	Huawei CloudEngine 12800 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110044	Trust: 0.6

sources: CNVD: CNVD-2020-14318 // JVNDB: JVNDB-2020-002388 // CNNVD: CNNVD-202002-994

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1861	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-002388	Trust: 0.8
db:	CNVD	id:	CNVD-2020-14318	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-994	Trust: 0.6

sources: CNVD: CNVD-2020-14318 // JVNDB: JVNDB-2020-002388 // CNNVD: CNNVD-202002-994 // NVD: CVE-2020-1861

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-1861	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-leak-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1861	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-01-leak-cn	Trust: 0.6

sources: CNVD: CNVD-2020-14318 // JVNDB: JVNDB-2020-002388 // CNNVD: CNNVD-202002-994 // NVD: CVE-2020-1861

SOURCES

db:	CNVD	id:	CNVD-2020-14318
db:	JVNDB	id:	JVNDB-2020-002388
db:	CNNVD	id:	CNNVD-202002-994
db:	NVD	id:	CVE-2020-1861

LAST UPDATE DATE

2024-11-23T23:04:29.074000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-14318	date:	2020-02-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-002388	date:	2020-03-13T00:00:00
db:	CNNVD	id:	CNNVD-202002-994	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2020-1861	date:	2024-11-21T05:11:30.093

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-14318	date:	2020-02-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-002388	date:	2020-03-13T00:00:00
db:	CNNVD	id:	CNNVD-202002-994	date:	2020-02-19T00:00:00
db:	NVD	id:	CVE-2020-1861	date:	2020-02-28T19:15:11.780