Vulnerability Name:

CVE-2020-1855 (CCN-174965)

Assigned:2019-11-29
Published:2020-01-22
Updated:2021-07-21
Summary:Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker with physical access to the device can exploit this vulnerability to tamper with device information. Successful exploitation may cause the service to behave abnormally.
CVSS v3 Severity:6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availability (A): High
6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availability (A): High
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2020-1855

Source: CONFIRM
Type: Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en

Source: XF
Type: UNKNOWN
huawei-tv-cve20201855-priv-esc(174965)

Source: CCN
Type: huawei-sa-20200122-03-osca
Insufficient Verification Vulnerability in Some Huawei Products

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:huawei:hege-560_firmware:1.0.1.21(sp3):*:*:*:*:*:*:*
    AND
  • cpe:/h:huawei:hege-560:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:huawei:osca-550_firmware:1.0.1.21(sp3):*:*:*:*:*:*:*
    AND
  • cpe:/h:huawei:osca-550:-:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:huawei:osca-550a_firmware:1.0.1.21(sp3):*:*:*:*:*:*:*
    AND
  • cpe:/h:huawei:osca-550a:-:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:huawei:osca-550ax_firmware:1.0.1.21(sp3):*:*:*:*:*:*:*
    AND
  • cpe:/h:huawei:osca-550ax:-:*:*:*:*:*:*:*

Configuration 5:
  • cpe:/o:huawei:osca-550x_firmware:1.0.1.21(sp3):*:*:*:*:*:*:*
    AND
  • cpe:/h:huawei:osca-550x:-:*:*:*:*:*:*:*

Configuration 6:
  • cpe:/o:huawei:hege-570_firmware:1.0.1.22(sp3):*:*:*:*:*:*:*
    AND
  • cpe:/h:huawei:hege-570:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    huawei hege-560 firmware 1.0.1.21(sp3)
    huawei hege-560 -
    huawei osca-550 firmware 1.0.1.21(sp3)
    huawei osca-550 -
    huawei osca-550a firmware 1.0.1.21(sp3)
    huawei osca-550a -
    huawei osca-550ax firmware 1.0.1.21(sp3)
    huawei osca-550ax -
    huawei osca-550x firmware 1.0.1.21(sp3)
    huawei osca-550x -
    huawei hege-570 firmware 1.0.1.22(sp3)
    huawei hege-570 -