Lucene search

HuaweiCVE-2020-1843

HistoryFeb 18, 2020 - 3:15 a.m.

CVE-2020-1843

2020-02-1803:15:11

huawei

web.nvd.nist.gov

huawei

hege-560

osca-550

vulnerability

inadequate verification

physical access

nvd

cve-2020-1843

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation.

Affected configurations

Nvd

Vulners

Node

huaweihege-560_firmwareMatch1.0.1.20\(sp2\)

AND

huaweihege-560Match-

Node

huaweiosca-550_firmwareMatch1.0.0.71\(sp1\)

AND

huaweiosca-550Match-

Node

huaweiosca-550a_firmwareMatch1.0.0.71\(sp1\)

AND

huaweiosca-550aMatch-

Node

huaweiosca-550ax_firmwareMatch1.0.0.71\(sp2\)

AND

huaweiosca-550axMatch-

Node

huaweiosca-550x_firmwareMatch1.0.0.71\(sp2\)

AND

huaweiosca-550xMatch-

VendorProductVersionCPE
huaweihege-560_firmware1.0.1.20(sp2)cpe:2.3:o:huawei:hege-560_firmware:1.0.1.20\(sp2\):*:*:*:*:*:*:*
huaweihege-560-cpe:2.3:h:huawei:hege-560:-:*:*:*:*:*:*:*
huaweiosca-550_firmware1.0.0.71(sp1)cpe:2.3:o:huawei:osca-550_firmware:1.0.0.71\(sp1\):*:*:*:*:*:*:*
huaweiosca-550-cpe:2.3:h:huawei:osca-550:-:*:*:*:*:*:*:*
huaweiosca-550a_firmware1.0.0.71(sp1)cpe:2.3:o:huawei:osca-550a_firmware:1.0.0.71\(sp1\):*:*:*:*:*:*:*
huaweiosca-550a-cpe:2.3:h:huawei:osca-550a:-:*:*:*:*:*:*:*
huaweiosca-550ax_firmware1.0.0.71(sp2)cpe:2.3:o:huawei:osca-550ax_firmware:1.0.0.71\(sp2\):*:*:*:*:*:*:*
huaweiosca-550ax-cpe:2.3:h:huawei:osca-550ax:-:*:*:*:*:*:*:*
huaweiosca-550x_firmware1.0.0.71(sp2)cpe:2.3:o:huawei:osca-550x_firmware:1.0.0.71\(sp2\):*:*:*:*:*:*:*
huaweiosca-550x-cpe:2.3:h:huawei:osca-550x:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	hege-560_firmware	1.0.1.20(sp2)	cpe:2.3:o:huawei:hege-560_firmware:1.0.1.20\(sp2\):::::::*
huawei	hege-560	-	cpe:2.3:h:huawei:hege-560:-:::::::*
huawei	osca-550_firmware	1.0.0.71(sp1)	cpe:2.3:o:huawei:osca-550_firmware:1.0.0.71\(sp1\):::::::*
huawei	osca-550	-	cpe:2.3:h:huawei:osca-550:-:::::::*
huawei	osca-550a_firmware	1.0.0.71(sp1)	cpe:2.3:o:huawei:osca-550a_firmware:1.0.0.71\(sp1\):::::::*
huawei	osca-550a	-	cpe:2.3:h:huawei:osca-550a:-:::::::*
huawei	osca-550ax_firmware	1.0.0.71(sp2)	cpe:2.3:o:huawei:osca-550ax_firmware:1.0.0.71\(sp2\):::::::*
huawei	osca-550ax	-	cpe:2.3:h:huawei:osca-550ax:-:::::::*
huawei	osca-550x_firmware	1.0.0.71(sp2)	cpe:2.3:o:huawei:osca-550x_firmware:1.0.0.71\(sp2\):::::::*
huawei	osca-550x	-	cpe:2.3:h:huawei:osca-550x:-:::::::*

CNA Affected

[
  {
    "product": "HEGE-560",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.1.20(SP2)"
      }
    ]
  },
  {
    "product": "OSCA-550",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.71(SP1)"
      }
    ]
  },
  {
    "product": "OSCA-550A",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.71(SP1)"
      }
    ]
  },
  {
    "product": "OSCA-550AX",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.71(SP2)"
      }
    ]
  },
  {
    "product": "OSCA-550X",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.71(SP2)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Related for CVE-2020-1843