Details of VAR-202103-0462

ID

VAR-202103-0462

CVE

CVE-2020-9212

TITLE

USG9500 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-017183

DESCRIPTION

There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak. USG9500 Exists in unspecified vulnerabilities.Information may be obtained. Huawei USG9500 could allow a remote malicious user to obtain sensitive information, caused by improper handling of information

Trust: 1.71

sources: NVD: CVE-2020-9212 // JVNDB: JVNDB-2020-017183 // VULMON: CVE-2020-9212

AFFECTED PRODUCTS

vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c20spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c20spc600	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c20spc300	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017183 // NVD: CVE-2020-9212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9212
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9212
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-348
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9212
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-9212
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9212
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-017183 // CNNVD: CNNVD-202102-348 // NVD: CVE-2020-9212

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-017183 // NVD: CVE-2020-9212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-348

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202102-348

PATCH

title:	huawei-sa-20210203-01-informationleak	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-informationleak-en	Trust: 0.8
title:	Repair measures for information disclosure vulnerabilities in various Huawei products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140570	Trust: 0.6

sources: JVNDB: JVNDB-2020-017183 // CNNVD: CNNVD-202102-348

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9212	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-017183	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-348	Trust: 0.6
db:	VULMON	id:	CVE-2020-9212	Trust: 0.1

sources: VULMON: CVE-2020-9212 // JVNDB: JVNDB-2020-017183 // CNNVD: CNNVD-202102-348 // NVD: CVE-2020-9212

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-informationleak-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9212	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210203-01-informationleak-cn	Trust: 0.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196189	Trust: 0.1

sources: VULMON: CVE-2020-9212 // JVNDB: JVNDB-2020-017183 // CNNVD: CNNVD-202102-348 // NVD: CVE-2020-9212

SOURCES

db:	VULMON	id:	CVE-2020-9212
db:	JVNDB	id:	JVNDB-2020-017183
db:	CNNVD	id:	CNNVD-202102-348
db:	NVD	id:	CVE-2020-9212

LAST UPDATE DATE

2024-11-23T22:33:07.075000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-9212	date:	2021-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-017183	date:	2022-06-28T06:51:00
db:	CNNVD	id:	CNNVD-202102-348	date:	2021-11-12T00:00:00
db:	NVD	id:	CVE-2020-9212	date:	2024-11-21T05:40:10.563

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-9212	date:	2021-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-017183	date:	2022-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202102-348	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2020-9212	date:	2021-03-22T18:15:14.293