CVE-2020-9209

2021-01-1322:04:37

huawei

www.cve.org

privilege escalation

smc2.0

improper file location

directory limitation

attackers

malicious file

compromised service

EPSS

Percentile

12.6%

JSON

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

CNA Affected

[
  {
    "product": "SMC2.0",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V600R006C00SPC700,V600R006C00SPC800,V600R006C10SPC500,V600R006C10SPC600,V600R006C10SPC601,V600R006C10SPC602,V600R006C10SPC700,V600R006C10SPC800,V600R006C10SPCa00,V600R006C10SPCb00,V600R006C10SPCc00,V600R006C10SPCd00,V600R006C10SPCe00,V600R019C00,V600R019C10"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-9209