CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
25.0%
There is a denial of service vulnerability in several products. The device does not properly handle certain message from base station, the attacker should craft a fake base station to launch the attack, successful exploit could cause a denial of signal service condition. (Vulnerability ID: HWPSIRT-2020-02167)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1837.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200624-01-dos-en
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | columbia-al10b_firmware | * | cpe:2.3:o:huawei:columbia-al10b_firmware:*:*:*:*:*:*:*:* |
huawei | columbia-l29d_firmware | * | cpe:2.3:o:huawei:columbia-l29d_firmware:*:*:*:*:*:*:*:* |
huawei | bond-tl10c_firmware | * | cpe:2.3:o:huawei:bond-tl10c_firmware:*:*:*:*:*:*:*:* |
huawei | cornell-al00a_firmware | * | cpe:2.3:o:huawei:cornell-al00a_firmware:*:*:*:*:*:*:*:* |
huawei | florida-l21_firmware | * | cpe:2.3:o:huawei:florida-l21_firmware:*:*:*:*:*:*:*:* |
huawei | dura-tl00a_firmware | * | cpe:2.3:o:huawei:dura-tl00a_firmware:*:*:*:*:*:*:*:* |
huawei | p20_pro_firmware | * | cpe:2.3:o:huawei:p20_pro_firmware:*:*:*:*:*:*:*:* |
huawei | nova_3_firmware | * | cpe:2.3:o:huawei:nova_3_firmware:*:*:*:*:*:*:*:* |
huawei | nova_4_firmware | * | cpe:2.3:o:huawei:nova_4_firmware:*:*:*:*:*:*:*:* |
huawei | lelandp-l22d_firmware | * | cpe:2.3:o:huawei:lelandp-l22d_firmware:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
25.0%