Sign-up

ID

VAR-202003-1131


CVE

CVE-2020-1879


TITLE

plural Huawei Vulnerability in product integrity verification deficiencies

Trust: 0.8

sources: JVNDB: JVNDB-2020-003152

DESCRIPTION

There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3). plural Huawei The product contains a vulnerability related to data integrity verification deficiencies.Information may be tampered with. Huawei HEGE-570 is a smart screen device of China's Huawei company. There are security vulnerabilities in many Huawei products, and attackers with high privileges can use this vulnerability to make malicious modifications

Trust: 2.16

sources: NVD: CVE-2020-1879 // JVNDB: JVNDB-2020-003152 // CNVD: CNVD-2020-21997

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21997

AFFECTED PRODUCTS

vendor:huaweimodel:osca-550scope:eqversion:1.0.1.21\(sp3\)

Trust: 1.0

vendor:huaweimodel:osca-550ascope:eqversion:1.0.1.21\(sp3\)

Trust: 1.0

vendor:huaweimodel:osca-550axscope:eqversion:1.0.1.21\(sp3\)

Trust: 1.0

vendor:huaweimodel:hege-560scope:eqversion:1.0.1.21\(sp3\)

Trust: 1.0

vendor:huaweimodel:osca-550xscope:eqversion:1.0.1.21\(sp3\)

Trust: 1.0

vendor:huaweimodel:hege-570scope:eqversion:1.0.1.21\(sp3\)

Trust: 1.0

vendor:huaweimodel:hege-560scope:eqversion:1.0.1.21(sp3)

Trust: 0.8

vendor:huaweimodel:hege-570scope:eqversion:1.0.1.22(sp3)

Trust: 0.8

vendor:huaweimodel:osca-550scope:eqversion:1.0.1.21(sp3)

Trust: 0.8

vendor:huaweimodel:osca-550ascope:eqversion:1.0.1.21(sp3)

Trust: 0.8

vendor:huaweimodel:osca-550axscope:eqversion:1.0.1.21(sp3)

Trust: 0.8

vendor:huaweimodel:osca-550xscope:eqversion:1.0.1.21(sp3)

Trust: 0.8

vendor:huaweimodel:hege-560 1.0.1.21scope: - version: -

Trust: 0.6

vendor:huaweimodel:hege-570 1.0.1.22scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550 1.0.1.21scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550a 1.0.1.21scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550ax 1.0.1.21scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550x 1.0.1.21scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-21997 // JVNDB: JVNDB-2020-003152 // NVD: CVE-2020-1879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1879
value: LOW

Trust: 1.0

NVD: JVNDB-2020-003152
value: LOW

Trust: 0.8

CNVD: CNVD-2020-21997
value: LOW

Trust: 0.6

CNNVD: CNNVD-202003-640
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1879
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003152
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21997
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1879
baseSeverity: LOW
baseScore: 3.9
vectorString: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.3
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003152
baseSeverity: LOW
baseScore: 3.9
vectorString: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21997 // JVNDB: JVNDB-2020-003152 // CNNVD: CNNVD-202003-640 // NVD: CVE-2020-1879

PROBLEMTYPE DATA

problemtype:CWE-354

Trust: 1.8

sources: JVNDB: JVNDB-2020-003152 // NVD: CVE-2020-1879

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-640

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003152

PATCH
title:huawei-sa-20200311-01-integrityurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en
Trust: 0.8
title:Patch for Many Huawei products have unknown vulnerabilities (CNVD-2020-21997)url:https://www.cnvd.org.cn/patchInfo/show/213051
Trust: 0.6
title:Multiple Huawei Fixes for security vulnerabilities in the producturl:http://123.124.177.30/web/xxk/bdxqById.tag?id=111894
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21997 // 
            
            
            
            JVNDB: JVNDB-2020-003152 // 
            
            
            
            CNNVD: CNNVD-202003-640

EXTERNAL IDS
db:NVDid:CVE-2020-1879
Trust: 3.0
db:JVNDBid:JVNDB-2020-003152
Trust: 0.8
db:CNVDid:CNVD-2020-21997
Trust: 0.6
db:CNNVDid:CNNVD-202003-640
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21997 // 
            
            
            
            JVNDB: JVNDB-2020-003152 // 
            
            
            
            CNNVD: CNNVD-202003-640 // 
            
            
            
            NVD: CVE-2020-1879

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-1879
Trust: 2.0
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en
Trust: 1.6
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1879
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200311-01-integrity-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21997 // 
            
            
            
            JVNDB: JVNDB-2020-003152 // 
            
            
            
            CNNVD: CNNVD-202003-640 // 
            
            
            
            NVD: CVE-2020-1879

SOURCES
db:CNVDid:CNVD-2020-21997
db:JVNDBid:JVNDB-2020-003152
db:CNNVDid:CNNVD-202003-640
db:NVDid:CVE-2020-1879

LAST UPDATE DATE
2024-11-23T22:21:14.912000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-21997date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003152date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-640date:2023-02-06T00:00:00
db:NVDid:CVE-2020-1879date:2024-11-21T05:11:32.013

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-21997date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003152date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-640date:2020-03-11T00:00:00
db:NVDid:CVE-2020-1879date:2020-03-20T16:15:15.147