Sign-up

ID

VAR-202003-1138


CVE

CVE-2020-1864


TITLE

plural Huawei Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-003108

DESCRIPTION

Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1864 // JVNDB: JVNDB-2020-003108

AFFECTED PRODUCTS

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r001c00

Trust: 1.8

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r001c20

Trust: 1.8

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r001c60

Trust: 1.8

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r005c00

Trust: 1.8

sources: JVNDB: JVNDB-2020-003108 // NVD: CVE-2020-1864

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-1864
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003108
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1141
value: HIGH

Trust: 0.6

NVD: CVE-2020-1864
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003108
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-1864
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003108
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-003108 // CNNVD: CNNVD-202003-1141 // NVD: CVE-2020-1864

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-003108 // NVD: CVE-2020-1864

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1141

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-1141

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-1864

PATCH
title:huawei-sa-20200318-01-authenticationurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authentication-en
Trust: 0.8
title:Huawei Secospace AntiDDoS8000 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112620
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003108 // 
            
            
            
            CNNVD: CNNVD-202003-1141

EXTERNAL IDS
db:NVDid:CVE-2020-1864
Trust: 2.4
db:JVNDBid:JVNDB-2020-003108
Trust: 0.8
db:CNNVDid:CNNVD-202003-1141
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003108 // 
            
            
            
            CNNVD: CNNVD-202003-1141 // 
            
            
            
            NVD: CVE-2020-1864

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authentication-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1864
Trust: 1.4
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200318-01-authentication-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1864
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-003108 // 
            
            
            
            CNNVD: CNNVD-202003-1141 // 
            
            
            
            NVD: CVE-2020-1864

SOURCES
db:JVNDBid:JVNDB-2020-003108
db:CNNVDid:CNNVD-202003-1141
db:NVDid:CVE-2020-1864

LAST UPDATE DATE
2022-05-04T09:42:34.110000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-003108date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-1141date:2020-12-17T00:00:00
db:NVDid:CVE-2020-1864date:2020-03-23T21:47:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-003108date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-1141date:2020-03-18T00:00:00
db:NVDid:CVE-2020-1864date:2020-03-20T15:15:00