6.5
CVE-2020-9075
- EPSS 0.15%
- Published 15.06.2020 15:15:09
- Last modified 21.11.2024 05:39:58
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ Secospace Usg6300 Firmware Versionv500r005c00
Huawei ≫ Secospace Usg6300 Firmware Versionv500r005c10
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c50
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c60
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c80
Huawei ≫ Usg6300e Firmware Versionv600r006c00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.325 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.