CVE-2020-1864 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Secospace Antiddos8000 Firmware	v500r001c00
Huawei	Secospace Antiddos8000	-

Related Weaknesses (CWE)

CWE-287

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authenVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authenVendor Advisory

FAQ

What is CVE-2020-1864?

CVE-2020-1864 is a vulnerability with a CVSS score of 8.1 (HIGH). Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected...

How severe is CVE-2020-1864?

CVE-2020-1864 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1864?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Secospace Antiddos8000 Firmware, Huawei Secospace Antiddos8000.