CVE-2020-1857 — Sensitive Information Exposure in Huawei Nip6800

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nip6800 Huawei Secospace Usg6600 Huawei Usg9500 +3 more

Timeline

PublishedFeb 17

Latest updateMay 24

Description

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5huawei/secospace_usg66004 versions+3

▶NVDhuawei/secospace_usg6600_firmware4 versions+3

▶CVEListV5huawei/nip6800V500R001C30, V500R001C60SPC500, V500R005C00SPC100+2

▶CVEListV5huawei/usg95004 versions+3

▶NVDhuawei/nip6800_firmwarev500r001c30, v500r001c60spc500, v500r005c00spc100+2

🔴Vulnerability Details

GHSA

GHSA-gq63-j356-8hj4: Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C↗2022-05-24

▶

CVEList

CVE-2020-1857: Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C↗2020-02-17

▶