CVE-2020-1856 : Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.

Published 2020-02-17 21:15:13

Updated 2021-07-21 11:39:24

Source Huawei Technologies

View at NVD, CVE.org

Products affected by CVE-2020-1856

Huawei » Nip6300 Firmware » Version: V500r001c30
cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Nip6300 » Version: N/A
Huawei » Nip6300 Firmware » Version: V500r005c00
cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Nip6300 » Version: N/A
Huawei » Nip6300 Firmware » Version: V500r001c60
cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Nip6300 » Version: N/A
Huawei » Secospace Usg6500 Firmware » Version: V500r001c30
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6500 » Version: N/A
Huawei » Secospace Usg6500 Firmware » Version: V500r005c00
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6500 » Version: N/A
Huawei » Secospace Usg6500 Firmware » Version: V500r001c60
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6500 » Version: N/A
Huawei » Usg9500 Firmware » Version: V500r001c30
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Usg9500 » Version: N/A
Huawei » Usg9500 Firmware » Version: V500r001c60
cpe:2.3:o:huawei:usg9500_firmware:v500r001c60:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Usg9500 » Version: N/A
Huawei » Usg9500 Firmware » Version: V500r005c00
cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Usg9500 » Version: N/A
Huawei » Ngfw Module Firmware » Version: V500r001c30
cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ngfw Module » Version: N/A
Huawei » Ngfw Module Firmware » Version: V500r001c60
cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c60:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ngfw Module » Version: N/A
Huawei » Ngfw Module Firmware » Version: V500r005c00
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ngfw Module » Version: N/A
Huawei » Secospace Usg6600 Firmware » Version: V500r001c30
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6600 » Version: N/A
Huawei » Secospace Usg6600 Firmware » Version: V500r001c60
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6600 » Version: N/A
Huawei » Secospace Usg6600 Firmware » Version: V500r005c00
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6600 » Version: N/A
Huawei » Nip6600 Firmware » Version: V500r001c30
cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Nip6600 » Version: N/A
Huawei » Nip6600 Firmware » Version: V500r005c00
cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Nip6600 » Version: N/A
Huawei » Nip6600 Firmware » Version: V500r001c60
cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Nip6600 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-1856

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1856

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2020-1856

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en

Security Advisory - Information leakage Vulnerability in Some Huawei Products
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-1856

Products affected by CVE-2020-1856

Exploit prediction scoring system (EPSS) score for CVE-2020-1856

CVSS scores for CVE-2020-1856

References for CVE-2020-1856