Sign-up

ID

VAR-202004-0956


CVE

CVE-2020-1802


TITLE

plural Huawei Vulnerability in product integrity verification deficiencies

Trust: 0.8

sources: JVNDB: JVNDB-2020-003979

DESCRIPTION

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2). plural Huawei The product contains a vulnerability related to data integrity verification deficiencies.Information may be tampered with. Huawei OSCA-550 and others are all smart screen devices from China's Huawei company. An attacker could use the vulnerability to cause the device to load a fake file that it uploaded via USB

Trust: 2.16

sources: NVD: CVE-2020-1802 // JVNDB: JVNDB-2020-003979 // CNVD: CNVD-2020-28980

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28980

AFFECTED PRODUCTS

vendor:huaweimodel:osca-550ascope:eqversion:1.0.1.23\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550axscope:eqversion:1.0.1.23\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550xscope:eqversion:1.0.1.23\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550scope:eqversion:1.0.1.23\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550scope:eqversion:1.0.1.23(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550ascope:eqversion:1.0.1.23(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550axscope:eqversion:1.0.1.23(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550xscope:eqversion:1.0.1.23(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550 1.0.1.23scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550a 1.0.1.23scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550ax 1.0.1.23scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550x 1.0.1.23scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-28980 // JVNDB: JVNDB-2020-003979 // NVD: CVE-2020-1802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1802
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003979
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28980
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-531
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1802
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003979
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28980
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1802
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003979
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28980 // JVNDB: JVNDB-2020-003979 // CNNVD: CNNVD-202004-531 // NVD: CVE-2020-1802

PROBLEMTYPE DATA

problemtype:CWE-354

Trust: 1.8

sources: JVNDB: JVNDB-2020-003979 // NVD: CVE-2020-1802

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-531

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003979

PATCH
title:huawei-sa-20200408-01-oscaurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-osca-en
Trust: 0.8
title:Patch for Multiple Huawei product integrity check insufficient vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/218011
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115733
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28980 // 
            
            
            
            JVNDB: JVNDB-2020-003979 // 
            
            
            
            CNNVD: CNNVD-202004-531

EXTERNAL IDS
db:NVDid:CVE-2020-1802
Trust: 3.0
db:JVNDBid:JVNDB-2020-003979
Trust: 0.8
db:CNVDid:CNVD-2020-28980
Trust: 0.6
db:CNNVDid:CNNVD-202004-531
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28980 // 
            
            
            
            JVNDB: JVNDB-2020-003979 // 
            
            
            
            CNNVD: CNNVD-202004-531 // 
            
            
            
            NVD: CVE-2020-1802

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-osca-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1802
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200408-01-osca-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1802
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-28980 // 
            
            
            
            JVNDB: JVNDB-2020-003979 // 
            
            
            
            CNNVD: CNNVD-202004-531 // 
            
            
            
            NVD: CVE-2020-1802

SOURCES
db:CNVDid:CNVD-2020-28980
db:JVNDBid:JVNDB-2020-003979
db:CNNVDid:CNNVD-202004-531
db:NVDid:CVE-2020-1802

LAST UPDATE DATE
2024-11-23T22:11:30.988000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28980date:2020-05-19T00:00:00
db:JVNDBid:JVNDB-2020-003979date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-531date:2020-04-14T00:00:00
db:NVDid:CVE-2020-1802date:2024-11-21T05:11:24.497

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28980date:2020-05-19T00:00:00
db:JVNDBid:JVNDB-2020-003979date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-531date:2020-04-08T00:00:00
db:NVDid:CVE-2020-1802date:2020-04-10T14:15:11.923