1. Home
  2. CVE Database
  3. CVE-2020-9099
CRITICAL · 9.8

CVE-2020-9099

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50...

Vulnerability Description

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiIps Module Firmwarev500r001c00
HuaweiIps Module-
HuaweiNgfw Module Firmwarev500r001c00
HuaweiNgfw Module-
HuaweiNip6300 Firmwarev500r001c00
HuaweiNip6300-
HuaweiNip6600 Firmwarev500r001c00
HuaweiNip6600-
HuaweiNip6800 Firmwarev500r001c60
HuaweiNip6800-
HuaweiSecospace Usg6300 Firmwarev500r001c00
HuaweiSecospace Usg6300-
HuaweiSecospace Usg6500 Firmwarev500r001c00
HuaweiSecospace Usg6500-
HuaweiSecospace Usg6600 Firmwarev500r001c00
HuaweiSecospace Usg6600-
HuaweiUsg9500 Firmwarev500r001c00
HuaweiUsg9500-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2020-9099?

CVE-2020-9099 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50...

How severe is CVE-2020-9099?

CVE-2020-9099 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-9099?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ips Module Firmware, Huawei Ips Module, Huawei Ngfw Module Firmware, Huawei Ngfw Module, Huawei Nip6300 Firmware.