Access Control Bypass in Huawei Secospace Firewall Products
CVE-2020-1860

7.5HIGH

Key Information:

Vendor: Huawei
Status: Nip6800;secospace Usg6600;usg9500
Vendor: CVE Published:; 28 February 2020

Summary

The Huawei Secospace USG6600 and USG9500 series firewalls are prone to an access control bypass vulnerability. Affected versions include V500R001C30, V500R001C60SPC500, and V500R005C00SPC100. This vulnerability allows attackers with internal network access to potentially bypass established access controls and directly reach the Internet. This sophisticated exploit requires a careful deployment, emphasizing the need for enhanced security measures to protect sensitive information within the network.

Affected Version(s)

NIP6800;Secospace USG6600;USG9500 V500R001C30,V500R001C60,V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2020
Vulnerability Reserved
Nov 29, 2019