Improper validation of integrity check value in several Huawei products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-1802 |
| CWE-ID | CWE-354 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
OSCA-550 Hardware solutions / Other hardware appliances OSCA-550A Hardware solutions / Other hardware appliances OSCA-550AX Hardware solutions / Other hardware appliances OSCA-550X Hardware solutions / Other hardware appliances |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper validation of integrity check value
EUVDB-ID: #VU26733
Risk: Low
CVSSv4.0: 0.7 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-1802
CWE-ID:
CWE-354 - Improper Validation of Integrity Check Value
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to the target device.
The vulnerability exists due to the affected device does not sufficiently validate the integrity of certain file in certain loading processes. An attacker with physical access can load a specially crafted file to the device through USB and gain access to the device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOSCA-550: 1.0.1.23(SP2)
OSCA-550A: 1.0.1.23(SP2)
OSCA-550AX: 1.0.1.23(SP2)
OSCA-550X: 1.0.1.23(SP2)
CPE2.3- cpe:2.3:h:huawei:osca-550:1.0.1.23(SP2):*:*:*:*:*:*:*
- cpe:2.3:h:huawei:osca-550a:1.0.1.23(SP2):*:*:*:*:*:*:*
- cpe:2.3:h:huawei:osca-550ax:1.0.1.23(SP2):*:*:*:*:*:*:*
- cpe:2.3:h:huawei:osca-550x:1.0.1.23(SP2):*:*:*:*:*:*:*
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-osca-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
