Improper Authentication in Huawei OSCA Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-1789 |
| CWE-ID | CWE-287 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OSCA-550 Hardware solutions / Other hardware appliances OSCA-550A Hardware solutions / Other hardware appliances OSCA-550AX Hardware solutions / Other hardware appliances OSCA-550X Hardware solutions / Other hardware appliances |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU24459
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1789
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to the affected software does not require a strong credential when the user trying to do certain operations. An attacker with physical access can bypass authentication process and do certain operations by a weak credential.
.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOSCA-550: 1.0.1.21(SP3)
OSCA-550A: 1.0.1.21(SP3)
OSCA-550AX: 1.0.1.21(SP3)
OSCA-550X: 1.0.1.21(SP3)
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
