Published: 08/06/2020 Updated: 11/06/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei ips_module_firmware v500r001c00
huawei ips_module_firmware v500r001c20
huawei ips_module_firmware v500r001c30
huawei ips_module_firmware v500r001c50
huawei ips_module_firmware v500r001c60
huawei ips_module_firmware v500r001c80
huawei ips_module_firmware v500r005c00
huawei ips_module_firmware v500r005c10
huawei ips_module_firmware v500r005c20
huawei ngfw_module_firmware v500r001c00
huawei ngfw_module_firmware v500r001c20
huawei ngfw_module_firmware v500r001c30
huawei ngfw_module_firmware v500r001c50
huawei ngfw_module_firmware v500r001c60
huawei ngfw_module_firmware v500r002c00
huawei ngfw_module_firmware v500r002c10
huawei ngfw_module_firmware v500r002c20
huawei ngfw_module_firmware v500r002c30
huawei ngfw_module_firmware v500r005c00
huawei ngfw_module_firmware v500r005c10
huawei ngfw_module_firmware v500r005c20
huawei nip6300_firmware v500r001c00
huawei nip6300_firmware v500r001c20
huawei nip6300_firmware v500r001c30
huawei nip6300_firmware v500r001c50
huawei nip6300_firmware v500r001c60
huawei nip6300_firmware v500r001c80
huawei nip6300_firmware v500r005c00
huawei nip6300_firmware v500r005c10
huawei nip6300_firmware v500r005c20
huawei nip6600_firmware v500r001c00
huawei nip6600_firmware v500r001c20
huawei nip6600_firmware v500r001c30
huawei nip6600_firmware v500r001c50
huawei nip6600_firmware v500r001c60
huawei nip6600_firmware v500r001c80
huawei nip6600_firmware v500r005c00
huawei nip6600_firmware v500r005c10
huawei nip6600_firmware v500r005c20
huawei nip6800_firmware v500r001c60
huawei nip6800_firmware v500r001c80
huawei nip6800_firmware v500r005c00
huawei nip6800_firmware v500r005c10
huawei nip6800_firmware v500r005c20
huawei secospace_usg6300_firmware v500r001c00
huawei secospace_usg6300_firmware v500r001c20
huawei secospace_usg6300_firmware v500r001c30
huawei secospace_usg6300_firmware v500r001c50
huawei secospace_usg6300_firmware v500r001c60
huawei secospace_usg6300_firmware v500r001c80
huawei secospace_usg6300_firmware v500r005c00
huawei secospace_usg6300_firmware v500r005c10
huawei secospace_usg6300_firmware v500r005c20
huawei secospace_usg6500_firmware v500r001c00
huawei secospace_usg6500_firmware v500r001c20
huawei secospace_usg6500_firmware v500r001c30
huawei secospace_usg6500_firmware v500r001c50
huawei secospace_usg6500_firmware v500r001c60
huawei secospace_usg6500_firmware v500r001c80
huawei secospace_usg6500_firmware v500r005c00
huawei secospace_usg6500_firmware v500r005c10
huawei secospace_usg6500_firmware v500r005c20
huawei secospace_usg6600_firmware v500r001c00
huawei secospace_usg6600_firmware v500r001c20
huawei secospace_usg6600_firmware v500r001c30
huawei secospace_usg6600_firmware v500r001c50
huawei secospace_usg6600_firmware v500r001c60
huawei secospace_usg6600_firmware v500r001c80
huawei secospace_usg6600_firmware v500r005c00
huawei secospace_usg6600_firmware v500r005c10
huawei secospace_usg6600_firmware v500r005c20
huawei usg9500_firmware v500r001c00
huawei usg9500_firmware v500r001c20
huawei usg9500_firmware v500r001c30
huawei usg9500_firmware v500r001c50
huawei usg9500_firmware v500r001c60
huawei usg9500_firmware v500r001c80
huawei usg9500_firmware v500r005c00
huawei usg9500_firmware v500r005c10
huawei usg9500_firmware v500r005c20

Some Huawei products have an improper authentication vulnerability Attackers need to perform some operations to exploit the vulnerability Successful exploit may obtain certain permissions on the device (Vulnerability ID: HWPSIRT-2020-03160) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9099 Huawe ...

CWE-287 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en https://nvd.nist.gov https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en

CVE-2020-9099

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect