Sign-up

ID

VAR-202002-0601


CVE

CVE-2020-1842


TITLE

plural Huawei Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002081

DESCRIPTION

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1842 // JVNDB: JVNDB-2020-002081

AFFECTED PRODUCTS

vendor:huaweimodel:osca-550ascope:eqversion:1.0.0.71\(sp1\)

Trust: 1.0

vendor:huaweimodel:osca-550scope:eqversion:1.0.0.71\(sp1\)

Trust: 1.0

vendor:huaweimodel:hege-560scope:eqversion:1.0.1.20\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550xscope:eqversion:1.0.0.71\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550axscope:eqversion:1.0.0.71\(sp2\)

Trust: 1.0

vendor:huaweimodel:hege-560scope:eqversion:1.0.1.20(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550scope:eqversion:1.0.0.71(sp1)

Trust: 0.8

vendor:huaweimodel:osca-550ascope:eqversion:1.0.0.71(sp1)

Trust: 0.8

vendor:huaweimodel:osca-550axscope:eqversion:1.0.0.71(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550xscope:eqversion:1.0.0.71(sp2)

Trust: 0.8

sources: JVNDB: JVNDB-2020-002081 // NVD: CVE-2020-1842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1842
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002081
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1459
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1842
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002081
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1842
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002081
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002081 // CNNVD: CNNVD-202001-1459 // NVD: CVE-2020-1842

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-002081 // NVD: CVE-2020-1842

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-1459

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002081

PATCH
title:huawei-sa-20200122-01-oscaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en
Trust: 0.8
title:Various Huawei product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110206
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002081 // 
            
            
            
            CNNVD: CNNVD-202001-1459

EXTERNAL IDS
db:NVDid:CVE-2020-1842
Trust: 2.4
db:JVNDBid:JVNDB-2020-002081
Trust: 0.8
db:CNNVDid:CNNVD-202001-1459
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002081 // 
            
            
            
            CNNVD: CNNVD-202001-1459 // 
            
            
            
            NVD: CVE-2020-1842

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1842
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1842
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200122-01-osca-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002081 // 
            
            
            
            CNNVD: CNNVD-202001-1459 // 
            
            
            
            NVD: CVE-2020-1842

SOURCES
db:JVNDBid:JVNDB-2020-002081
db:CNNVDid:CNNVD-202001-1459
db:NVDid:CVE-2020-1842

LAST UPDATE DATE
2024-11-23T22:21:20.452000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002081date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1459date:2021-01-05T00:00:00
db:NVDid:CVE-2020-1842date:2024-11-21T05:11:28.567

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002081date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1459date:2020-01-22T00:00:00
db:NVDid:CVE-2020-1842date:2020-02-18T04:15:14.507