Insufficient verification of data authenticity in Huawei products - CVE-2020-1855
Published: January 24, 2020
Vulnerability identifier: #VU24513
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1855
CWE-ID: CWE-345
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei HEGE-560
Huawei HEGE-570
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X
Huawei HEGE-560
Huawei HEGE-570
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X
Detailed vulnerability description
The vulnerability allows a local attacker to cause the target device abnormal.
The vulnerability exists due to an insufficient verification issue. An attacker with physical access can tamper with device information and cause service abnormal.
How to mitigate CVE-2020-1855
Install updates from vendor's website.