Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ips_module_firmware | Huawei | v500r001c00 (including) | v500r001c00 (including) |
| Ips_module_firmware | Huawei | v500r001c20 (including) | v500r001c20 (including) |
| Ips_module_firmware | Huawei | v500r001c30 (including) | v500r001c30 (including) |
| Ips_module_firmware | Huawei | v500r001c50 (including) | v500r001c50 (including) |
| Ips_module_firmware | Huawei | v500r001c60 (including) | v500r001c60 (including) |
| Ips_module_firmware | Huawei | v500r001c80 (including) | v500r001c80 (including) |
| Ips_module_firmware | Huawei | v500r005c00 (including) | v500r005c00 (including) |
| Ips_module_firmware | Huawei | v500r005c10 (including) | v500r005c10 (including) |
| Ips_module_firmware | Huawei | v500r005c20 (including) | v500r005c20 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html