Vulnerabilities > CVE-2020-1860 - Unspecified vulnerability in Huawei products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

huawei

NVD

Published: 2020-02-28

Updated: 2021-07-21

Summary

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Nip6800 Firmware V500R001C30 Huawei Nip6800 Firmware V500R001C60 Huawei Nip6800 Firmware V500R005C00 Huawei Secospace Usg6600 Firmware V500R001C30 Huawei Secospace Usg6600 Firmware V500R001C60 Huawei Secospace Usg6600 Firmware V500R005C00 Huawei Usg9500 Firmware V500R001C30 Huawei Usg9500 Firmware V500R001C60 Huawei Usg9500 Firmware V500R005C00	9
Hardware	Huawei Huawei Nip6800 - Huawei Secospace Usg6600 - Huawei Usg9500 -	3

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en