PT-2020-15122 · Huawei · Hege-570+3
Published
2020-02-18
·
Updated
2021-07-21
·
CVE-2020-1855
CVSS v3.1
6.1
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei HEGE-570 version 1.0.1.22(SP3)
Huawei HEGE-560 version 1.0.1.21(SP3)
Huawei OSCA-550 version 1.0.1.21(SP3)
Huawei OSCA-550A version 1.0.1.21(SP3)
Huawei OSCA-550AX version 1.0.1.21(SP3)
Huawei OSCA-550X version 1.0.1.21(SP3)
Description
The issue is related to insufficient verification, allowing an attacker with physical access to the device to exploit the vulnerability and tamper with device information. This could result in service abnormalities.
Recommendations
For Huawei HEGE-570 version 1.0.1.22(SP3), update to a version that addresses the insufficient verification vulnerability.
For Huawei HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3), update to a version that addresses the insufficient verification vulnerability.
As a temporary workaround, consider restricting physical access to the devices until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hege-560
Hege-570
Osca-550
Osca-550A