FKIE_CVE-2020-1841

Vulnerability from fkie_nvd - Published: 2020-02-17 21:15 - Updated: 2024-11-21 05:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200207-01-te-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200207-01-te-enVendor Advisory
Impacted products
Vendor Product Version
huawei cloudlink_board_firmware 20.0.0
huawei cloudlink_board -
huawei dp300_firmware v500r002c00
huawei dp300 -
huawei rse6500_firmware v100r001c00
huawei rse6500_firmware v500r002c00
huawei rse6500_firmware v500r002c00spc900
huawei rse6500 -
huawei te60_firmware v500r002c00
huawei te60_firmware v600r006c00
huawei te60_firmware v600r006c00spc200
huawei te60_firmware v600r006c00spc300
huawei te60_firmware v600r006c10
huawei te60_firmware v600r019c00
huawei te60_firmware v600r019c00spc100
huawei te60 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudlink_board_firmware:20.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB83669F-200D-41D5-897D-5C2B1235DAC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudlink_board:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D0A02C-4FCB-4B63-A3F3-A58FC93AC139",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:rse6500_firmware:v100r001c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1A7B89-F3A6-4FB1-8871-15BBFFC82E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "649BB696-BDBE-46FC-A23D-287DE306D8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:rse6500_firmware:v500r002c00spc900:*:*:*:*:*:*:*",
              "matchCriteriaId": "F073EA63-0FB7-404A-9A6D-6518A0713C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:rse6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD9417D-0515-4B21-AD32-E6B137575D01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "040454F6-FCDB-4320-8933-8F7DBB9956ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00spc300:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3BB83-7F0A-4C59-B889-7EF95BD581BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F394525-A467-4403-A1AA-306391427D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v600r019c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2027FF-A5CB-4120-ADF0-06D1BADAB8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:te60_firmware:v600r019c00spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C682A04-0F19-4DA6-B8C2-07EA00010D1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak."
    },
    {
      "lang": "es",
      "value": "Huawei CloudLink Board versi\u00f3n 20.0.0; DP300 versi\u00f3n V500R002C00; RSE6500 versiones V100R001C00, V500R002C00 y V500R002C00SPC900; y TE60 versiones V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00 y V600R019C00SPC100, presentan una vulnerabilidad de fuga de informaci\u00f3n. Un atacante remoto no autenticado puede hacer un gran n\u00famero de intentos de adivinar informaci\u00f3n. Una explotaci\u00f3n con \u00e9xito puede causar una fuga de informaci\u00f3n."
    }
  ],
  "id": "CVE-2020-1841",
  "lastModified": "2024-11-21T05:11:28.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-17T21:15:12.960",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200207-01-te-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200207-01-te-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.