PT-2020-1568 · Huawei · Huawei Usg9500+1
Published
2020-01-02
·
Updated
2021-07-21
·
CVE-2020-1871
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei USG9500 versions V500R001C30SPC100 through V500R001C30SPC600
Huawei USG9500 version V500R001C30SPC200
Huawei USG9500 version V500R001C60SPC500
Huawei USG9500 versions V500R005C00SPC100 through V500R005C00SPC200
Description
The issue is related to improper credentials management in the software, which does not properly manage certain credentials. Successful exploitation could cause information disclosure or damage and impact the confidentiality or integrity of the protected information. The vulnerability may allow a remote attacker to affect the confidentiality and integrity of the protected information.
Recommendations
For Huawei USG9500 version V500R001C30SPC100, update the software to a version that properly manages credentials.
For Huawei USG9500 version V500R001C30SPC200, update the software to a version that properly manages credentials.
For Huawei USG9500 version V500R001C30SPC600, update the software to a version that properly manages credentials.
For Huawei USG9500 version V500R001C60SPC500, update the software to a version that properly manages credentials.
For Huawei USG9500 versions V500R005C00SPC100 through V500R005C00SPC200, update the software to a version that properly manages credentials.
As a temporary workaround, consider restricting access to sensitive credentials until a patch is available.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Usg9500
Huawei Vrp