Improper Integrity Checking Vulnerability in Huawei HEGE and OSCA Products
CVE-2020-1879

3.9LOW

Key Information:

Vendor: Huawei
Status: Hege-560;hege-570;osca-550;osca-550a;osca-550ax;osca-550x
Vendor: CVE Published:; 20 March 2020

Summary

An improper integrity checking vulnerability has been identified in select Huawei products. This flaw allows an attacker with elevated privileges to execute malicious modifications to the software, potentially compromising the integrity of the affected systems. Notably, the impacted versions include specific releases of the HEGE and OSCA product lines, where the security oversight in integrity verification creates avenues for exploitation.

Affected Version(s)

HEGE-560;HEGE-570;OSCA-550;OSCA-550A;OSCA-550AX;OSCA-550X 1.0.1.21(SP3)

HEGE-560;HEGE-570;OSCA-550;OSCA-550A;OSCA-550AX;OSCA-550X 1.0.1.22(SP3)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Nov 29, 2019