Improper Authentication in Huawei Network Equipment
CVE-2020-9099

9.8CRITICAL

Key Information:

Vendor: Huawei
Status: Ips Module; Ngfw Module; Nip6300; Nip6600; Nip6800; Secospace Usg6300; Secospace Usg6500; Secospace Usg6600; Usg9500
Vendor: CVE Published:; 8 June 2020

Summary

Huawei's network equipment, including the IPS and NGFW Modules, as well as various models of the NIP and Secospace USG series, suffer from an improper authentication vulnerability. This flaw allows attackers to potentially perform specific operations to exploit the vulnerability, leading to unauthorized access and elevated permissions on the affected devices. Proper security measures and updates are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 V500R001C00

IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 V500R001C20

IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 V500R001C30

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2020
Vulnerability Reserved
Feb 18, 2020