Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHuaweiCVE-2020-9137
HistoryDec 24, 2020 - 4:15 p.m.

CVE-2020-9137

2020-12-2416:15:16
CWE-20
huawei
web.nvd.nist.gov
45
4
cve-2020-9137
privilege escalation
cloudengine
input validation

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.

Affected configurations

Nvd
Vulners
Node
huaweicloudengine_12800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_12800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_12800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_12800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_12800_firmwareMatchv200r019c00spc800
OR
huaweicloudengine_12800_firmwareMatchv200r019c10spc800
AND
huaweicloudengine_12800Match-
Node
huaweicloudengine_5800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_5800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_5800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_5800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_5800_firmwareMatchv200r019c00spc800
OR
huaweicloudengine_5800_firmwareMatchv200r019c10spc800
AND
huaweicloudengine_5800Match-
Node
huaweicloudengine_6800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_6800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_6800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_6800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_6800_firmwareMatchv200r005c20spc800
OR
huaweicloudengine_6800_firmwareMatchv200r019c00spc800
OR
huaweicloudengine_6800_firmwareMatchv200r019c10spc800
AND
huaweicloudengine_6800Match-
Node
huaweicloudengine_7800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_7800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_7800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_7800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_7800_firmwareMatchv200r019c00spc800
OR
huaweicloudengine_7800_firmwareMatchv200r019c10spc800
AND
huaweicloudengine_7800Match-
VendorProductVersionCPE
huaweicloudengine_12800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800-cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
Rows per page:
1-10 of 291

CNA Affected

[
  {
    "product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800"
      },
      {
        "status": "affected",
        "version": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800"
      }
    ]
  }
]

Social References

More

Related

prion 1
cvelist 1
openvas 1
huawei 1
nvd 1
prion
prion
Privilege escalation
2020-12-24 16:15:00
cvelist
cvelist
CVE-2020-9137
2020-12-24 15:47:56
openvas
openvas
Privilege Escalation Vulnerability in Some Huawei Products (huawei-sa-20201202-02-privilege)
2023-12-21 00:00:00
huawei
huawei
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
2020-12-02 00:00:00
nvd
nvd
CVE-2020-9137
2020-12-24 16:15:16

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2020-9137
prion1cvelist1openvas1huawei1nvd1