Sign-up

ID

VAR-202006-1061


CVE

CVE-2020-1825


TITLE

FusionAccess Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006726

DESCRIPTION

FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. FusionAccess There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Huawei FusionAccess is a virtual desktop application based on the Huawei Cloud platform of the Chinese company Huawei (Huawei). The vulnerability is caused by the program's insufficient validation of specific inputs

Trust: 1.71

sources: NVD: CVE-2020-1825 // JVNDB: JVNDB-2020-006726 // VULHUB: VHN-171509

AFFECTED PRODUCTS

vendor:huaweimodel:fusionaccessscope:ltversion:6.5.1.spc002

Trust: 1.0

vendor:huaweimodel:fusionaccessscope:eqversion:6.5.1.spc002

Trust: 0.8

sources: JVNDB: JVNDB-2020-006726 // NVD: CVE-2020-1825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1825
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006726
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1021
value: MEDIUM

Trust: 0.6

VULHUB: VHN-171509
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1825
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006726
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-171509
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1825
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006726
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-171509 // JVNDB: JVNDB-2020-006726 // CNNVD: CNNVD-202006-1021 // NVD: CVE-2020-1825

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-171509 // JVNDB: JVNDB-2020-006726 // NVD: CVE-2020-1825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1021

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1021

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006726

PATCH
title:huawei-sa-20200610-01-fusionaccesurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en
Trust: 0.8
title:Huawei FusionAccess Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122048
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006726 // 
            
            
            
            CNNVD: CNNVD-202006-1021

EXTERNAL IDS
db:NVDid:CVE-2020-1825
Trust: 2.5
db:JVNDBid:JVNDB-2020-006726
Trust: 0.8
db:CNNVDid:CNNVD-202006-1021
Trust: 0.7
db:CNVDid:CNVD-2020-53117
Trust: 0.1
db:VULHUBid:VHN-171509
Trust: 0.1
sources:
            
            
            VULHUB: VHN-171509 // 
            
            
            
            JVNDB: JVNDB-2020-006726 // 
            
            
            
            CNNVD: CNNVD-202006-1021 // 
            
            
            
            NVD: CVE-2020-1825

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-1825
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1825
Trust: 0.8
sources:
            
            
            VULHUB: VHN-171509 // 
            
            
            
            JVNDB: JVNDB-2020-006726 // 
            
            
            
            CNNVD: CNNVD-202006-1021 // 
            
            
            
            NVD: CVE-2020-1825

SOURCES
db:VULHUBid:VHN-171509
db:JVNDBid:JVNDB-2020-006726
db:CNNVDid:CNNVD-202006-1021
db:NVDid:CVE-2020-1825

LAST UPDATE DATE
2024-11-23T23:07:56.281000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-171509date:2020-06-18T00:00:00
db:JVNDBid:JVNDB-2020-006726date:2020-07-15T00:00:00
db:CNNVDid:CNNVD-202006-1021date:2020-06-19T00:00:00
db:NVDid:CVE-2020-1825date:2024-11-21T05:11:26.497

SOURCES RELEASE DATE
db:VULHUBid:VHN-171509date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006726date:2020-07-15T00:00:00
db:CNNVDid:CNNVD-202006-1021date:2020-06-15T00:00:00
db:NVDid:CVE-2020-1825date:2020-06-15T15:15:09.647