CVE-2020-1856 — Sensitive Information Exposure in Huawei Ngfw Module Firmware

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 59.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ngfw Module Firmware Huawei Nip6300 Firmware Huawei Nip6600 Firmware +3 more

Timeline

PublishedFeb 17

Latest updateMay 24

Description

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDhuawei/secospace_usg6500_firmwarev500r001c30, v500r001c60, v500r005c00+2

▶NVDhuawei/secospace_usg6600_firmwarev500r001c30, v500r001c60, v500r005c00+2

▶NVDhuawei/ngfw_module_firmwarev500r001c30, v500r001c60, v500r005c00+2

▶NVDhuawei/nip6300_firmwarev500r001c30, v500r001c60, v500r005c00+2

▶NVDhuawei/nip6600_firmwarev500r001c30, v500r001c60, v500r005c00+2

🔴Vulnerability Details

GHSA

GHSA-jvfv-f89h-p57p: Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an inf↗2022-05-24

▶

CVEList

CVE-2020-1856: Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an inf↗2020-02-17

▶