First published: Fri Jan 03 2020(Updated: )
USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Usg9500 Firmware | =v500r001c30spc100 | |
Huawei Usg9500 Firmware | =v500r001c30spc200 | |
Huawei Usg9500 Firmware | =v500r001c30spc600 | |
Huawei Usg9500 Firmware | =v500r001c60spc500 | |
Huawei Usg9500 Firmware | =v500r005c00spc100 | |
Huawei Usg9500 Firmware | =v500r005c00spc200 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2020-1871.
The severity of CVE-2020-1871 is rated as high with a CVSS score of 8.2.
The following software versions of USG9500 are affected: V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200.
Successful exploitation of this vulnerability could cause unauthorized disclosure of information.
You can find more information about this vulnerability on Huawei's website: [Huawei Security Advisory SA-20200102-01](https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en).