CVE-2020-1860 (GCVE-0-2020-1860)

Vulnerability from cvelistv5 – Published: 2020-02-28 18:28 – Updated: 2024-08-04 06:53
VLAI?
Summary
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.
Severity ?
No CVSS data available.
CWE
  • Access Control Bypass
Assigner
References
Impacted products
Vendor Product Version
n/a NIP6800;Secospace USG6600;USG9500 Affected: V500R001C30,V500R001C60,V500R005C00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:53:58.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NIP6800;Secospace USG6600;USG9500",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V500R001C30,V500R001C60,V500R005C00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Access Control Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-28T18:28:16",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NIP6800;Secospace USG6600;USG9500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V500R001C30,V500R001C60,V500R005C00"
                          },
                          {
                            "version_value": "V500R001C30,V500R001C60,V500R005C00"
                          },
                          {
                            "version_value": "V500R001C30,V500R001C60,V500R005C00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Access Control Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1860",
    "datePublished": "2020-02-28T18:28:16",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:53:58.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6800_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B3D681F-E141-4BB1-9437-8BFE286CB164\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7EE3877-6344-466D-90B0-68CF4A53A256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6FCA659-5DF8-44EA-91B6-A80FBB68322A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"875441DD-575F-4F4D-A6BD-23C38641D330\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6AACFD2-9C9D-49E3-A911-0CF58F863EE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"391BFC6B-9AE6-49D7-855A-CB94AD1EE5C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE469876-F873-4705-9760-097AE840A818\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F14B3F-EA8C-4A01-9968-08ECACDA6CBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:usg9500_firmware:v500r001c60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74B7C57C-7CD4-4FF0-BE51-2F4794FED7AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E961C6AA-400A-41CF-A230-FE7182875F1F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B6064BB-5E62-4D70-B933-05B5426EEE9C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.\"}, {\"lang\": \"es\", \"value\": \"Los productos NIP6800; Secospace USG6600; USG9500 con versiones de V500R001C30; V500R001C60SPC500; V500R005C00SPC100, presentan una vulnerabilidad de omisi\\u00f3n del control de acceso. Los atacantes que pueden acceder a la red interna pueden explotar esta vulnerabilidad con una implementaci\\u00f3n cuidadosa. Una explotaci\\u00f3n con \\u00e9xito puede causar que el control de acceso sea omitido y los atacantes puedan acceder directamente a Internet.\"}]",
      "id": "CVE-2020-1860",
      "lastModified": "2024-11-21T05:11:29.970",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-28T19:15:11.437",
      "references": "[{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1860\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2020-02-28T19:15:11.437\",\"lastModified\":\"2024-11-21T05:11:29.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.\"},{\"lang\":\"es\",\"value\":\"Los productos NIP6800; Secospace USG6600; USG9500 con versiones de V500R001C30; V500R001C60SPC500; V500R005C00SPC100, presentan una vulnerabilidad de omisi\u00f3n del control de acceso. Los atacantes que pueden acceder a la red interna pueden explotar esta vulnerabilidad con una implementaci\u00f3n cuidadosa. Una explotaci\u00f3n con \u00e9xito puede causar que el control de acceso sea omitido y los atacantes puedan acceder directamente a Internet.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6800_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3D681F-E141-4BB1-9437-8BFE286CB164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7EE3877-6344-466D-90B0-68CF4A53A256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6FCA659-5DF8-44EA-91B6-A80FBB68322A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"875441DD-575F-4F4D-A6BD-23C38641D330\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6AACFD2-9C9D-49E3-A911-0CF58F863EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"391BFC6B-9AE6-49D7-855A-CB94AD1EE5C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE469876-F873-4705-9760-097AE840A818\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F14B3F-EA8C-4A01-9968-08ECACDA6CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:usg9500_firmware:v500r001c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74B7C57C-7CD4-4FF0-BE51-2F4794FED7AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E961C6AA-400A-41CF-A230-FE7182875F1F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B6064BB-5E62-4D70-B933-05B5426EEE9C\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.