Sign-up

ID

VAR-202103-0464


CVE

CVE-2020-9206


TITLE

eUDC660  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-017182

DESCRIPTION

The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device. eUDC660 There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei eUDC660 is a device provided by China's Huawei (Huawei) company to provide scheduling functions. The equipment supports broadband trunking dispatching in transportation, energy and other fields to improve the efficiency of voice, data, and video communication

Trust: 2.25

sources: NVD: CVE-2020-9206 // JVNDB: JVNDB-2020-017182 // CNVD: CNVD-2021-24920 // VULMON: CVE-2020-9206

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24920

AFFECTED PRODUCTS

vendor:huaweimodel:eudc660scope:eqversion:v100r005c00

Trust: 1.0

vendor:huaweimodel:eudc660scope:eqversion: -

Trust: 0.8

vendor:huaweimodel:eudc660scope:eqversion:eudc660 firmware

Trust: 0.8

vendor:huaweimodel:eudc660scope: - version: -

Trust: 0.8

vendor:huaweimodel:eudc660 v100r005c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-24920 // JVNDB: JVNDB-2020-017182 // NVD: CVE-2020-9206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9206
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9206
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-24920
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202102-352
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9206
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-24920
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9206
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9206
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-24920 // JVNDB: JVNDB-2020-017182 // CNNVD: CNNVD-202102-352 // NVD: CVE-2020-9206

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-017182 // NVD: CVE-2020-9206

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-352

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-352

PATCH

title:huawei-sa-20210203-01-resourcemanagementurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-resourcemanagement-en

Trust: 0.8

title:Patch for Huawei eUDC660 inappropriate resource management vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/255991

Trust: 0.6

title:Huawei eUDC660 Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140574

Trust: 0.6

sources: CNVD: CNVD-2021-24920 // JVNDB: JVNDB-2020-017182 // CNNVD: CNNVD-202102-352

EXTERNAL IDS

db:NVDid:CVE-2020-9206

Trust: 3.9

db:JVNDBid:JVNDB-2020-017182

Trust: 0.8

db:CNVDid:CNVD-2021-24920

Trust: 0.6

db:CNNVDid:CNNVD-202102-352

Trust: 0.6

db:VULMONid:CVE-2020-9206

Trust: 0.1

sources: CNVD: CNVD-2021-24920 // VULMON: CVE-2020-9206 // JVNDB: JVNDB-2020-017182 // CNNVD: CNNVD-202102-352 // NVD: CVE-2020-9206

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-9206

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-resourcemanagement-en

Trust: 1.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210203-01-resourcemanagement-cn

Trust: 0.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196249

Trust: 0.1

sources: CNVD: CNVD-2021-24920 // VULMON: CVE-2020-9206 // JVNDB: JVNDB-2020-017182 // CNNVD: CNNVD-202102-352 // NVD: CVE-2020-9206

SOURCES

db:CNVDid:CNVD-2021-24920
db:VULMONid:CVE-2020-9206
db:JVNDBid:JVNDB-2020-017182
db:CNNVDid:CNNVD-202102-352
db:NVDid:CVE-2020-9206

LAST UPDATE DATE

2024-11-23T22:57:58.933000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-24920date:2021-04-04T00:00:00
db:VULMONid:CVE-2020-9206date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2020-017182date:2022-06-28T06:12:00
db:CNNVDid:CNNVD-202102-352date:2021-03-30T00:00:00
db:NVDid:CVE-2020-9206date:2024-11-21T05:40:09.650

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-24920date:2021-04-04T00:00:00
db:VULMONid:CVE-2020-9206date:2021-03-22T00:00:00
db:JVNDBid:JVNDB-2020-017182date:2022-06-28T00:00:00
db:CNNVDid:CNNVD-202102-352date:2021-02-03T00:00:00
db:NVDid:CVE-2020-9206date:2021-03-22T18:15:14.167