CVE-2020-1856 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Ngfw Module Firmware	v500r001c30
Huawei	Ngfw Module	-
Huawei	Nip6300 Firmware	v500r001c30
Huawei	Nip6300	-
Huawei	Nip6600 Firmware	v500r001c30
Huawei	Nip6600	-
Huawei	Secospace Usg6500 Firmware	v500r001c30
Huawei	Secospace Usg6500	-
Huawei	Secospace Usg6600 Firmware	v500r001c30
Huawei	Secospace Usg6600	-
Huawei	Usg9500 Firmware	v500r001c30
Huawei	Usg9500	-

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewalVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewalVendor Advisory

FAQ

What is CVE-2020-1856?

CVE-2020-1856 is a vulnerability with a CVSS score of 7.5 (HIGH). Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can ex...

How severe is CVE-2020-1856?

CVE-2020-1856 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1856?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ngfw Module Firmware, Huawei Ngfw Module, Huawei Nip6300 Firmware, Huawei Nip6300, Huawei Nip6600 Firmware.