CVE-2020-1871Insufficiently Protected Credentials in Huawei Usg9500 Firmware

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.2%
top 61.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Usg9500 Firmware
Timeline
PublishedJan 3
Latest updateMay 24

Description

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

CVEListV5huawei/usg9500_firmware6 versions+5
NVDhuawei/usg9500_firmware6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-rhcx-fxpc-68mc: USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an impr2022-05-24
CVEList
CVE-2020-1871: USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an impr2020-01-03

💬Community

1
Bugzilla
CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c2020-10-08
CVE-2020-1871 — Insufficiently Protected Credentials | cvebase