Details of VAR-202006-1562

ID

VAR-202006-1562

CVE

CVE-2020-9099

TITLE

plural Huawei Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006304

DESCRIPTION

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. (Vulnerability ID: HWPSIRT-2020-03160) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9099. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en

Trust: 1.71

sources: NVD: CVE-2020-9099 // JVNDB: JVNDB-2020-006304 // VULMON: CVE-2020-9099

AFFECTED PRODUCTS

vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r002c30	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r002c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r002c20	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ngfw module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-006304 // NVD: CVE-2020-9099

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9099
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-006304
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202006-593
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-9099
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006304
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-9099
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006304
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-006304 // CNNVD: CNNVD-202006-593 // NVD: CVE-2020-9099

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-006304 // NVD: CVE-2020-9099

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-593

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202006-593

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006304

PATCH

title:	huawei-sa-20200506-02-authentication	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en	Trust: 0.8
title:	Multiple Huawei Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121390	Trust: 0.6
title:	Huawei Security Advisories: Security Advisory - Improper Authentication Vulnerability in Several Huawei Products	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=76c3cedd0975db1f02ae742e72b8987e	Trust: 0.1

sources: VULMON: CVE-2020-9099 // JVNDB: JVNDB-2020-006304 // CNNVD: CNNVD-202006-593

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9099	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-006304	Trust: 0.8
db:	CNNVD	id:	CNNVD-202006-593	Trust: 0.6
db:	VULMON	id:	CVE-2020-9099	Trust: 0.1

sources: VULMON: CVE-2020-9099 // JVNDB: JVNDB-2020-006304 // CNNVD: CNNVD-202006-593 // NVD: CVE-2020-9099

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9099	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9099	Trust: 0.8

sources: VULMON: CVE-2020-9099 // JVNDB: JVNDB-2020-006304 // CNNVD: CNNVD-202006-593 // NVD: CVE-2020-9099

SOURCES

db:	VULMON	id:	CVE-2020-9099
db:	JVNDB	id:	JVNDB-2020-006304
db:	CNNVD	id:	CNNVD-202006-593
db:	NVD	id:	CVE-2020-9099

LAST UPDATE DATE

2024-11-23T23:01:21.402000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-9099	date:	2020-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-006304	date:	2020-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202006-593	date:	2020-06-12T00:00:00
db:	NVD	id:	CVE-2020-9099	date:	2024-11-21T05:40:01.350

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-9099	date:	2020-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-006304	date:	2020-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202006-593	date:	2020-06-08T00:00:00
db:	NVD	id:	CVE-2020-9099	date:	2020-06-08T14:15:13.353