PT-2020-20476 · Huawei · Huawei Secospace Usg6300+1
Zhangrixin
·
Published
2020-06-10
·
Updated
2021-07-21
·
CVE-2020-9075
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei Secospace USG6300;USG6300E versions V500R001C30 through V500R001C80
Huawei Secospace USG6300;USG6300E versions V500R005C00 through V500R005C10
Huawei Secospace USG6300;USG6300E version V600R006C00
Description
The issue is related to insufficient input verification, allowing an attacker with limited privilege to access a specific directory. This could lead to information leakage.
Recommendations
For versions V500R001C30 through V500R001C80, update to a version that includes the necessary security patches to fix the insufficient input verification issue.
For versions V500R005C00 through V500R005C10, apply the recommended configuration changes to restrict access to the specific directory that can be exploited.
For version V600R006C00, consider temporarily restricting access to the directory until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Secospace Usg6300
Huawei Vrp