Main Vulnerability Database Vulnerabilities #VU26048

Improper validation of integrity check value in Huawei products - CVE-2020-1879

Published: March 12, 2020

Vulnerability identifier: #VU26048

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1879

CWE-ID: CWE-354

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei HEGE-560
Huawei HEGE-570
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X

Detailed vulnerability description

The vulnerability allows a local user to make malicious modifications.

The vulnerability exists due to improper integrity checks. An authenticated attacker with physical access can make malicious modifications on the target system.

How to mitigate CVE-2020-1879

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en

Improper validation of integrity check value in Huawei products - CVE-2020-1879

Detailed vulnerability description

How to mitigate CVE-2020-1879

Sources

Please verify you're human