CVE-2020-9099
CRITICALHuawei IPS Module and NGFW Module - Improper Authentication
Title source: llmDescription
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en
Scores
CVSS v3
9.8
EPSS
0.0016
EPSS Percentile
36.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (50)
huawei/ips_module_firmware
v500r001c00
huawei/ips_module_firmware
v500r001c20
huawei/ips_module_firmware
v500r001c30
huawei/ips_module_firmware
v500r001c50
huawei/ips_module_firmware
v500r001c60
huawei/ips_module_firmware
v500r001c80
huawei/ips_module_firmware
v500r005c00
huawei/ips_module_firmware
v500r005c10
huawei/ips_module_firmware
v500r005c20
huawei/ngfw_module_firmware
v500r001c00
... and 40 more
Published
Jun 08, 2020
Tracked Since
Feb 18, 2026