CVE-2020-1864

Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00.

Published: Mar 20, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-1864
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
huawei / secospace_antiddos8000_firmware	500r001c00	500r001c00.x
huawei / secospace_antiddos8000_firmware	500r001c20	500r001c20.x
huawei / secospace_antiddos8000_firmware	500r001c60	500r001c60.x
huawei / secospace_antiddos8000_firmware	500r005c00	500r005c00.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authentication-en

Vulnerability Database

289,697

CVE-2020-1864