Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-1842 CVE-2020-1843 |
CWE-ID | CWE-287 CWE-345 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X, Huawei HEGE-560 (all: Hardware solutions / Other hardware appliances) |
Vendor | Huawei |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU24511
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1842
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a local attacker to bypass the authentication process.
The vulnerability exists due to insufficient authentication. An attacker with physical access to the device can perform specific operations to gain elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
OSCA-550: 1.0.0.71(SP1)
OSCA-550A: 1.0.0.71(SP1)
OSCA-550AX: 1.0.0.71(SP2)
OSCA-550X: 1.0.0.71(SP2)
Huawei HEGE-560: 1.0.1.20(SP2)
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24514
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1843
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description
The vulnerability allows a local attacker to perform an illegal operation on the target device.
The vulnerability exists due to an insufficient verification issue. An attacker with physical access can perform specific operations, leading to an illegal operation.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei HEGE-560: 1.0.1.20(SP2)
OSCA-550: 1.0.0.71(SP1)
OSCA-550A: 1.0.0.71(SP1)
OSCA-550AX: 1.0.0.71(SP2)
OSCA-550X: 1.0.0.71(SP2)
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.