nvd-json-data-feeds/CVE-2020/CVE-2020-17xx/CVE-2020-1789.json

{
  "id": "CVE-2020-1789",
  "sourceIdentifier": "psirt@huawei.com",
  "published": "2020-02-18T03:15:10.937",
  "lastModified": "2020-02-20T19:22:05.617",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential."
    },
    {
      "lang": "es",
      "value": "Los productos Huawei OSCA-550, OSCA-550A, OSCA-550AX y OSCA-550X con la versi\u00f3n 1.0.1.21, presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El software no requiere una credencial fuerte cuando el usuario intenta hacer determinadas operaciones. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante omitir la autenticaci\u00f3n y hacer determinadas operaciones con una credencial d\u00e9bil."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:osca-550_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5785116E-F7CF-49BA-8833-98913F81630C"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:osca-550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0D0122F-89FF-4B3E-8837-2E07A0D27105"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:osca-550a_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A17B82-6007-416F-8EB8-19A73EDEF52B"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:osca-550a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4E574D-DEFF-48CC-81F0-28DB6432EF13"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:osca-550ax_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFE434F-2C9A-4B04-A916-0E9BBB940EDF"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:osca-550ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62EEE25C-2FA4-4B64-9680-387380D97352"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:osca-550x_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "42AD7C07-1559-45F3-A364-1F9AB8D0B4E7"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:osca-550x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "565AF527-86EF-4314-A645-B99D0C4C62C2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en",
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}