Insufficient verification of data authenticity in Huawei products - CVE-2020-1855
Published: January 24, 2020
Vulnerability identifier: #VU24513
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1855
CWE-ID: CWE-345
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei HEGE-560
Huawei HEGE-570
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X
Huawei HEGE-560
Huawei HEGE-570
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a local attacker to cause the target device abnormal.
The vulnerability exists due to an insufficient verification issue. An attacker with physical access can tamper with device information and cause service abnormal.
Remediation
Install updates from vendor's website.