CVE-2020-9075 — MEDIUM (6.5)

Vulnerability Description

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Secospace Usg6300 Firmware	v500r005c00
Huawei	Secospace Usg6600 Firmware	v500r001c30
Huawei	Secospace Usg6300	-
Huawei	Usg6300E Firmware	v600r006c00
Huawei	Usg6300E	-

Related Weaknesses (CWE)

CWE-20

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-validaVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-validaVendor Advisory

FAQ

What is CVE-2020-9075?

CVE-2020-9075 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification....

How severe is CVE-2020-9075?

CVE-2020-9075 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9075?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Secospace Usg6300 Firmware, Huawei Secospace Usg6600 Firmware, Huawei Secospace Usg6300, Huawei Usg6300E Firmware, Huawei Usg6300E.