CVE-2020-1879

{"id": "CVE-2020-1879", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.3}]}, "published": "2020-03-20T16:15:15.147", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en", "tags": ["Not Applicable"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3)."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de comprobaci\u00f3n de integridad inapropiada en algunos productos de Huawei. El software del producto afectado presenta una comprobaci\u00f3n de integridad inapropiada que puede permitir a un atacante con altos privilegios llevar a cabo modificaciones maliciosas. Las versiones afectadas del producto incluyen: HEGE-560 versiones 1.0.1.21(SP3); HEGE-570 versiones 1.0.1.22(SP3) ; OSCA-550 versiones 1.0.1.21(SP3); OSCA-550A versiones 1.0.1.21(SP3); OSCA-550AX versiones 1.0.1.21(SP3); OSCA-550X versiones 1.0.1.21(SP3)."}], "lastModified": "2023-02-03T19:28:53.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:hege-560_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C033281-C8B1-48AF-A8E8-30863E778C10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:hege-560:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3325D5D9-8956-4335-B616-C553BF885152"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:hege-570_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A6C8F0-9016-413D-B7CF-BA046B7A32CE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:hege-570:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "35F5ADA7-C184-47D2-BD05-029162462E1A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:osca-550_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5785116E-F7CF-49BA-8833-98913F81630C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:osca-550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0D0122F-89FF-4B3E-8837-2E07A0D27105"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:osca-550a_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A17B82-6007-416F-8EB8-19A73EDEF52B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:osca-550a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D4E574D-DEFF-48CC-81F0-28DB6432EF13"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:osca-550ax_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAFE434F-2C9A-4B04-A916-0E9BBB940EDF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:osca-550ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62EEE25C-2FA4-4B64-9680-387380D97352"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:osca-550x_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42AD7C07-1559-45F3-A364-1F9AB8D0B4E7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:osca-550x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "565AF527-86EF-4314-A645-B99D0C4C62C2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}