CVE-2020-1860Improper Input Validation in Huawei Nip6800 Firmware

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 70.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Huawei Nip6800 FirmwareHuawei Secospace Usg6600 FirmwareHuawei Usg9500 Firmware
Timeline
PublishedFeb 28
Latest updateMay 24

Description

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDhuawei/secospace_usg6600_firmwarev500r001c30, v500r001c60, v500r005c00+2
NVDhuawei/nip6800_firmwarev500r001c30, v500r001c60, v500r005c00+2
NVDhuawei/usg9500_firmwarev500r001c30, v500r001c60, v500r005c00+2

🔴Vulnerability Details

2
GHSA
GHSA-vcff-vwv3-4mf7: NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerabil2022-05-24
CVEList
CVE-2020-1860: NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerabil2020-02-28

💬Community

1
Bugzilla
CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking2020-05-11
CVE-2020-1860 — Improper Input Validation in Huawei | cvebase