Details of VAR-202004-2102

ID

VAR-202004-2102

CVE

CVE-2020-9068

TITLE

Huawei AR3200 Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004657

DESCRIPTION

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. Huawei AR3200 Exists in a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei AR3200 is an enterprise-level router from China's Huawei company. In Huawei AR3200, there is a vulnerability in the authorization problem

Trust: 2.25

sources: NVD: CVE-2020-9068 // JVNDB: JVNDB-2020-004657 // CNVD: CNVD-2020-27119 // VULMON: CVE-2020-9068

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-27119

AFFECTED PRODUCTS

vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r007c00spc900	Trust: 1.9
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r007c00spca00	Trust: 1.9
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r007c00spcb00	Trust: 1.9
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r007c00spcc00	Trust: 1.9
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r009c00spc500	Trust: 1.9
vendor:	huawei	model:	ar3200 v200r009c00spc500	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c00spc900	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c00spca00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c00spcb00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c00spcc00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-27119 // VULMON: CVE-2020-9068 // JVNDB: JVNDB-2020-004657 // NVD: CVE-2020-9068

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9068
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-004657
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-27119
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202004-1957
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-9068
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9068
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004657
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-27119
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9068
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004657
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-27119 // VULMON: CVE-2020-9068 // JVNDB: JVNDB-2020-004657 // CNNVD: CNNVD-202004-1957 // NVD: CVE-2020-9068

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-004657 // NVD: CVE-2020-9068

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1957

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1957

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004657

PATCH

title:	huawei-sa-20200422-01-authentication	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en	Trust: 0.8
title:	Patch for Huawei AR3200 authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/216763	Trust: 0.6
title:	Huawei AR3200 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116725	Trust: 0.6
title:	Huawei Security Advisories: Security Advisory - Improper Authentication Vulnerability in Several Huawei Products	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=a8ed5a53f6c4e94239a1b5aef615847b	Trust: 0.1

sources: CNVD: CNVD-2020-27119 // VULMON: CVE-2020-9068 // JVNDB: JVNDB-2020-004657 // CNNVD: CNNVD-202004-1957

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9068	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-004657	Trust: 0.8
db:	CNVD	id:	CNVD-2020-27119	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1957	Trust: 0.6
db:	VULMON	id:	CVE-2020-9068	Trust: 0.1

sources: CNVD: CNVD-2020-27119 // VULMON: CVE-2020-9068 // JVNDB: JVNDB-2020-004657 // CNNVD: CNNVD-202004-1957 // NVD: CVE-2020-9068

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9068	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9068	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200422-01-authentication-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/180310	Trust: 0.1

sources: CNVD: CNVD-2020-27119 // VULMON: CVE-2020-9068 // JVNDB: JVNDB-2020-004657 // CNNVD: CNNVD-202004-1957 // NVD: CVE-2020-9068

SOURCES

db:	CNVD	id:	CNVD-2020-27119
db:	VULMON	id:	CVE-2020-9068
db:	JVNDB	id:	JVNDB-2020-004657
db:	CNNVD	id:	CNNVD-202004-1957
db:	NVD	id:	CVE-2020-9068

LAST UPDATE DATE

2024-11-23T22:48:00.596000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27119	date:	2020-05-08T00:00:00
db:	VULMON	id:	CVE-2020-9068	date:	2020-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-004657	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-1957	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-9068	date:	2024-11-21T05:39:57.813

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-27119	date:	2020-05-08T00:00:00
db:	VULMON	id:	CVE-2020-9068	date:	2020-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-004657	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-1957	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2020-9068	date:	2020-04-27T16:15:12.850