Insufficient Verification Vulnerability in Huawei HEGE-560 and OSCA Series
CVE-2020-1843

6.8MEDIUM

Key Information:

Vendor: Huawei
Status: Hege-560; Osca-550; Osca-550a; Osca-550ax
Vendor: CVE Published:; 18 February 2020

Summary

The Huawei HEGE-560 and OSCA series, specifically the versions mentioned, have a vulnerability that arises from insufficient verification. An adversary with physical access can exploit this flaw to perform unauthorized operations, which could lead to potential misuse of the affected devices. This vulnerability emphasizes the need for enhanced security measures to prevent physical access exploitation.

Affected Version(s)

HEGE-560 1.0.1.20(SP2)

OSCA-550 1.0.0.71(SP1)

OSCA-550A 1.0.0.71(SP1)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2020
Vulnerability Reserved
Nov 29, 2019