CVE-2020-1856

7.5HIGH

Key Information:

Vendor: Huawei
Status: Ngfw Module, Nip6300, Nip6600, Secospace Usg6500, Secospace Usg6600, Usg9500
Vendor: CVE Published:; 17 February 2020

Summary

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.

Affected Version(s)

NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, USG9500 V500R001C30

NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, USG9500 V500R001C60

NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, USG9500 V500R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2020
Vulnerability Reserved
Nov 29, 2019