Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-1860

Published: Feb 28, 2020 | Modified: Jul 21, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-1860
CWEhttps://cwe.mitre.org/data/definitions/.html

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.

Affected Software

Name Vendor Start Version End Version
Nip6800_firmware Huawei v500r001c30 (including) v500r001c30 (including)
Nip6800_firmware Huawei v500r001c60 (including) v500r001c60 (including)
Nip6800_firmware Huawei v500r005c00 (including) v500r005c00 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use