CVE-2020-1862 — LOW (3.3) — White Hats Nepal

Vulnerability Description

There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Huawei	Campusinsight	v100r019c00
Huawei	Manageone	6.5

Related Weaknesses (CWE)

CWE-415

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-eVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-eVendor Advisory

FAQ

What is CVE-2020-1862?

CVE-2020-1862 is a vulnerability with a CVSS score of 3.3 (LOW). There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exp...

How severe is CVE-2020-1862?

CVE-2020-1862 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1862?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Campusinsight, Huawei Manageone.