Details of VAR-202002-0614

ID

VAR-202002-0614

CVE

CVE-2020-1855

TITLE

plural Huawei Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002080

DESCRIPTION

Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal. plural Huawei The product contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Huawei HEGE-570 is a smart screen device of China's Huawei company. Input validation error vulnerabilities exist in many Huawei products

Trust: 2.16

sources: NVD: CVE-2020-1855 // JVNDB: JVNDB-2020-002080 // CNVD: CNVD-2020-22010

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-22010

AFFECTED PRODUCTS

vendor:	huawei	model:	osca-550	scope:	eq	version:	1.0.1.21\(sp3\)	Trust: 1.0
vendor:	huawei	model:	osca-550a	scope:	eq	version:	1.0.1.21\(sp3\)	Trust: 1.0
vendor:	huawei	model:	osca-550ax	scope:	eq	version:	1.0.1.21\(sp3\)	Trust: 1.0
vendor:	huawei	model:	hege-560	scope:	eq	version:	1.0.1.21\(sp3\)	Trust: 1.0
vendor:	huawei	model:	hege-570	scope:	eq	version:	1.0.1.22\(sp3\)	Trust: 1.0
vendor:	huawei	model:	osca-550x	scope:	eq	version:	1.0.1.21\(sp3\)	Trust: 1.0
vendor:	huawei	model:	hege-560	scope:	eq	version:	1.0.1.21(sp3)	Trust: 0.8
vendor:	huawei	model:	hege-570	scope:	eq	version:	1.0.1.22(sp3)	Trust: 0.8
vendor:	huawei	model:	osca-550	scope:	eq	version:	1.0.1.21(sp3)	Trust: 0.8
vendor:	huawei	model:	osca-550a	scope:	eq	version:	1.0.1.21(sp3)	Trust: 0.8
vendor:	huawei	model:	osca-550ax	scope:	eq	version:	1.0.1.21(sp3)	Trust: 0.8
vendor:	huawei	model:	osca-550x	scope:	eq	version:	1.0.1.21(sp3)	Trust: 0.8
vendor:	huawei	model:	hege-560 1.0.1.21	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	hege-570 1.0.1.22	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550 1.0.1.21	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550a 1.0.1.21	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550ax 1.0.1.21	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550x 1.0.1.21	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550x	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550ax	scope:	eq	version:	1.0.1.21sp3	Trust: 0.6
vendor:	huawei	model:	osca-550	scope:	eq	version:	1.0.1.21sp3	Trust: 0.6
vendor:	huawei	model:	osca-550x	scope:	eq	version:	1.0.1.21sp3	Trust: 0.6
vendor:	huawei	model:	hege-560	scope:	eq	version:	1.0.1.21sp3	Trust: 0.6
vendor:	huawei	model:	osca-550ax	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550a	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550a	scope:	eq	version:	1.0.1.21sp3	Trust: 0.6
vendor:	huawei	model:	hege-560	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	osca-550	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-22010 // JVNDB: JVNDB-2020-002080 // CNNVD: CNNVD-202002-942 // NVD: CVE-2020-1855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1855
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002080
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-22010
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202002-942
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1855
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002080
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-22010
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1855
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002080
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-22010 // JVNDB: JVNDB-2020-002080 // CNNVD: CNNVD-202002-942 // NVD: CVE-2020-1855

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2020-002080 // NVD: CVE-2020-1855

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-942

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002080

PATCH

title:	huawei-sa-20200122-03-osca	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en	Trust: 0.8
title:	Patch for Multiple Huawei product input verification error vulnerabilities (CNVD-2020-22010)	url:	https://www.cnvd.org.cn/patchInfo/show/209981	Trust: 0.6
title:	Multiple Huawei Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110234	Trust: 0.6

sources: CNVD: CNVD-2020-22010 // JVNDB: JVNDB-2020-002080 // CNNVD: CNNVD-202002-942

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1855	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-002080	Trust: 0.8
db:	CNVD	id:	CNVD-2020-22010	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-942	Trust: 0.6

sources: CNVD: CNVD-2020-22010 // JVNDB: JVNDB-2020-002080 // CNNVD: CNNVD-202002-942 // NVD: CVE-2020-1855

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1855	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1855	Trust: 0.8

sources: CNVD: CNVD-2020-22010 // JVNDB: JVNDB-2020-002080 // CNNVD: CNNVD-202002-942 // NVD: CVE-2020-1855

SOURCES

db:	CNVD	id:	CNVD-2020-22010
db:	JVNDB	id:	JVNDB-2020-002080
db:	CNNVD	id:	CNNVD-202002-942
db:	NVD	id:	CVE-2020-1855

LAST UPDATE DATE

2024-11-23T22:37:32.719000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-22010	date:	2020-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-002080	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-942	date:	2020-02-21T00:00:00
db:	NVD	id:	CVE-2020-1855	date:	2024-11-21T05:11:29.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-22010	date:	2020-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-002080	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-942	date:	2020-02-18T00:00:00
db:	NVD	id:	CVE-2020-1855	date:	2020-02-18T03:15:11.277