CVE-2020-9099

CRITICAL | CVSS 9.8/10 | EPSS 0.88%

CVE-2020-9099 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. EPSS estimates a 0.88% chance of exploitation in the next 30 days.

Description

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. A successful exploit may allow the attacker to obtain certain permissions on the device.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.88%

54.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Version
Huawei | Ips Module Firmware | v500r001c00
Huawei | Ips Module Firmware | v500r001c20
Huawei | Ips Module Firmware | v500r001c30
Huawei | Ips Module Firmware | v500r001c50
Huawei | Ips Module Firmware | v500r001c60
Huawei | Ips Module Firmware | v500r001c80
Huawei | Ips Module Firmware | v500r005c00
Huawei | Ips Module Firmware | v500r005c10
Huawei | Ips Module Firmware | v500r005c20
Huawei | Ngfw Module Firmware | v500r001c00
Huawei | Ngfw Module Firmware | v500r001c20
Huawei | Ngfw Module Firmware | v500r001c30
Huawei | Ngfw Module Firmware | v500r001c50
Huawei | Ngfw Module Firmware | v500r001c60
Huawei | Ngfw Module Firmware | v500r002c00
Huawei | Ngfw Module Firmware | v500r002c10
Huawei | Ngfw Module Firmware | v500r002c20
Huawei | Ngfw Module Firmware | v500r002c30
Huawei | Ngfw Module Firmware | v500r005c00
Huawei | Ngfw Module Firmware | v500r005c10
Huawei | Ngfw Module Firmware | v500r005c20
Huawei | Nip6300 Firmware | v500r001c00
Huawei | Nip6300 Firmware | v500r001c20
Huawei | Nip6300 Firmware | v500r001c30
Huawei | Nip6300 Firmware | v500r001c50
Huawei | Nip6300 Firmware | v500r001c60
Huawei | Nip6300 Firmware | v500r001c80
Huawei | Nip6300 Firmware | v500r005c00
Huawei | Nip6300 Firmware | v500r005c10
Huawei | Nip6300 Firmware | v500r005c20
Huawei | Nip6600 Firmware | v500r001c00
Huawei | Nip6600 Firmware | v500r001c20
Huawei | Nip6600 Firmware | v500r001c30
Huawei | Nip6600 Firmware | v500r001c50
Huawei | Nip6600 Firmware | v500r001c60
Huawei | Nip6600 Firmware | v500r001c80
Huawei | Nip6600 Firmware | v500r005c00
Huawei | Nip6600 Firmware | v500r005c10
Huawei | Nip6600 Firmware | v500r005c20
Huawei | Nip6800 Firmware | v500r001c60
Huawei | Nip6800 Firmware | v500r001c80
Huawei | Nip6800 Firmware | v500r005c00
Huawei | Nip6800 Firmware | v500r005c10
Huawei | Nip6800 Firmware | v500r005c20
Huawei | Secospace Usg6300 Firmware | v500r001c00
Huawei | Secospace Usg6300 Firmware | v500r001c20
Huawei | Secospace Usg6300 Firmware | v500r001c30
Huawei | Secospace Usg6300 Firmware | v500r001c50
Huawei | Secospace Usg6300 Firmware | v500r001c60
Huawei | Secospace Usg6300 Firmware | v500r001c80

Showing 50 of 80 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-9099?
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. A successful exploit may allow the attacker to obtain certain permissions on the device.
How severe is CVE-2020-9099?
CVE-2020-9099 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.88% probability of exploitation in the next 30 days.
How do I fix CVE-2020-9099?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST