Main Vulnerability Database Vulnerabilities #VU24511

Improper Authentication in Huawei products - CVE-2020-1842

Published: January 24, 2020

Vulnerability identifier: #VU24511

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1842

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X
Huawei HEGE-560

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to insufficient authentication. An attacker with physical access to the device can perform specific operations to gain elevated privileges.

How to mitigate CVE-2020-1842

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en

Improper Authentication in Huawei products - CVE-2020-1842

Detailed vulnerability description

How to mitigate CVE-2020-1842

Sources

Please verify you're human