CVE-2020-1843 — MEDIUM (6.8)

Vulnerability Description

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Hege-560 Firmware	1.0.1.20\(sp2\)
Huawei	Hege-560	-
Huawei	Osca-550 Firmware	1.0.0.71\(sp1\)
Huawei	Osca-550	-
Huawei	Osca-550A Firmware	1.0.0.71\(sp1\)
Huawei	Osca-550A	-
Huawei	Osca-550Ax Firmware	1.0.0.71\(sp2\)
Huawei	Osca-550Ax	-
Huawei	Osca-550X Firmware	1.0.0.71\(sp2\)
Huawei	Osca-550X	-

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-enVendor Advisory

FAQ

What is CVE-2020-1843?

CVE-2020-1843 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verif...

How severe is CVE-2020-1843?

CVE-2020-1843 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1843?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hege-560 Firmware, Huawei Hege-560, Huawei Osca-550 Firmware, Huawei Osca-550, Huawei Osca-550A Firmware.