#VU25106 Information disclosure in Huawei products - CVE-2020-1841

Cybersecurity Help s.r.o.

Published: 2020-02-10

Vulnerability identifier: #VU25106

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-1841

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CloudLink Board
Server applications / Conferencing, Collaboration and VoIP solutions
Huawei DP300
Server applications / Conferencing, Collaboration and VoIP solutions
Huawei TE60
Server applications / Conferencing, Collaboration and VoIP solutions
RSE6500
Hardware solutions / Other hardware appliances

Vendor: Huawei

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an information leak issue. A remote attacker can make a large number of attempts to guess information and gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CloudLink Board: 20.0.0

Huawei DP300: V500R002C00

RSE6500: V100R001C00 - V500R002C00

Huawei TE60: V500R002C00 - V600R019C00

External links
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200207-01-te-en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in Some Huawei Products