CloudEngine 12800 versions V200R002C50SPC800 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Summary

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information.

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en


Details

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800

 

Vulnerable Systems:

CloudEngine 12800 versions V200R002C50SPC800

CloudEngine 12800 versions V200R003C00SPC810

CloudEngine 12800 versions V200R005C00SPC800

CloudEngine 12800 versions V200R005C10SPC800

CloudEngine 12800 versions V200R019C00SPC800

CloudEngine 5800 versions V200R002C50SPC800

CloudEngine 5800 versions V200R003C00SPC810

CloudEngine 5800 versions V200R005C00SPC800

CloudEngine 5800 versions V200R005C10SPC800

CloudEngine 5800 versions V200R019C00SPC800

CloudEngine 6800 versions V200R002C50SPC800

CloudEngine 6800 versions V200R003C00SPC810

CloudEngine 6800 versions V200R005C00SPC800

CloudEngine 6800 versions V200R005C10SPC800

CloudEngine 6800 versions V200R005C20SPC800

CloudEngine 6800 versions V200R019C00SPC800

CloudEngine 7800 versions V200R002C50SPC800

CloudEngine 7800 versions V200R003C00SPC810

CloudEngine 7800 versions V200R005C00SPC800

CloudEngine 7800 versions V200R005C10SPC800

CloudEngine 7800 versions V200R019C00SPC800

 

CVE Information:

CVE-2020-9102

 

Disclosure Timeline:
Published Date:7/17/2020

Categories: FeaturedNews