CVE-2020-1860

Name of the Vulnerable Software and Affected Versions NIP6800 versions V500R001C30; V500R001C60SPC500; V500R005C00SPC100 Secospace USG6600 versions V500R001C30; V500R001C60SPC500; V500R005C00SPC100 USG9500 products versions V500R001C30; V500R001C60SPC500; V500R005C00SPC100

Description The issue is an access control bypass vulnerability. Attackers with access to the internal network can exploit this vulnerability with careful deployment. Successful exploitation may cause the access control to be bypassed, allowing attackers to directly access the Internet.

Recommendations For NIP6800 versions V500R001C30; V500R001C60SPC500; V500R005C00SPC100, restrict access to internal networks to minimize the risk of exploitation. For Secospace USG6600 versions V500R001C30; V500R001C60SPC500; V500R005C00SPC100, consider implementing additional security measures to prevent careful deployment by attackers. For USG9500 products versions V500R001C30; V500R001C60SPC500; V500R005C00SPC100, limit direct Internet access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.