CVE-2020-1871 - OpenCVE

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Usg9500 Usg9500 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc100:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc100:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc200:::::::*

cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-01-03T14:25:18

Updated: 2024-08-04T06:53:58.977Z

Reserved: 2019-11-29T00:00:00

Link: CVE-2020-1871

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-03T15:15:12.133

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-1871

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "USG9500", "vendor": "n/a", "versions": [{"status": "affected", "version": "V500R001C30SPC100"}, {"status": "affected", "version": "V500R001C30SPC200"}, {"status": "affected", "version": "V500R001C30SPC600"}, {"status": "affected", "version": "V500R001C60SPC500"}, {"status": "affected", "version": "V500R005C00SPC100"}, {"status": "affected", "version": "V500R005C00SPC200"}]}], "descriptions": [{"lang": "en", "value": "USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity."}], "problemTypes": [{"descriptions": [{"description": "Improper Credentials Management", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-03T14:25:18", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-1871", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "USG9500", "version": {"version_data": [{"version_value": "V500R001C30SPC100"}, {"version_value": "V500R001C30SPC200"}, {"version_value": "V500R001C30SPC600"}, {"version_value": "V500R001C60SPC500"}, {"version_value": "V500R005C00SPC100"}, {"version_value": "V500R005C00SPC200"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Credentials Management"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:53:58.977Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-1871", "datePublished": "2020-01-03T14:25:18", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2024-08-04T06:53:58.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc100:*:*:*:*:*:*:*", "matchCriteriaId": "55A5E70C-79F7-49DF-A621-01965486E295", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:*:*:*:*:*:*:*", "matchCriteriaId": "C0BF5257-8CD1-4951-9C53-07B85D468F8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:*:*:*:*:*:*:*", "matchCriteriaId": "6E2CDEF7-F8C8-482E-B43D-DB3F0CE010F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:*:*:*:*:*:*:*", "matchCriteriaId": "8A1EFB9D-5349-4EAF-9880-34F0D20011E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc100:*:*:*:*:*:*:*", "matchCriteriaId": "BE7369E3-5F3F-40D1-8690-95192131B683", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc200:*:*:*:*:*:*:*", "matchCriteriaId": "ADA71C5D-4B11-401D-AEC9-907204C21476", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity."}, {"lang": "es", "value": "USG9500 con software de versiones V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200, tiene una vulnerabilidad de administraci\u00f3n de credenciales inapropiada. El software no administra apropiadamente determinadas credenciales. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n o da\u00f1o, e impactar la confidencialidad o integridad."}], "id": "CVE-2020-1871", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-03T15:15:12.133", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}