Lucene search

Huawei TechnologiesHUAWEI-SA-20201230-01-PE

HistoryDec 30, 2020 - 12:00 a.m.

Security Advisory - Privilege Escalation Vulnerability in Huawei Product

2020-12-3000:00:00

Huawei Technologies

www.huawei.com

security advisory

privilege escalation

huawei

vulnerability

software updates

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

There is a privilege escalation vulnerability in some Huawei products. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products. (Vulnerability ID: HWPSIRT-2020-00007)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9209.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en>

Affected configurations

Vulners

Node

huaweismc2.0_firmwareMatchv600r006c00spc700

huaweismc2.0_firmwareMatchv600r006c00spc800

huaweismc2.0_firmwareMatchv600r006c10spc500

huaweismc2.0_firmwareMatchv600r006c10spc600

huaweismc2.0_firmwareMatchv600r006c10spc601

huaweismc2.0_firmwareMatchv600r006c10spc602

huaweismc2.0_firmwareMatchv600r006c10spc700

huaweismc2.0_firmwareMatchv600r006c10spc800

huaweismc2.0_firmwareMatchv600r006c10spca00

huaweismc2.0_firmwareMatchv600r006c10spcb00

huaweismc2.0_firmwareMatchv600r006c10spcc00

huaweismc2.0_firmwareMatchv600r006c10spcd00

huaweismc2.0_firmwareMatchv600r006c10spce00

huaweismc2.0_firmwareMatchv600r019c00

huaweismc2.0_firmwareMatchv600r019c10

VendorProductVersionCPE
huaweismc2.0_firmwarev600r006c00spc700cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc700:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c00spc800cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc800:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc500cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc500:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc600cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc600:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc601cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc601:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc602cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc602:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc700cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc700:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc800cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc800:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spca00cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spca00:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spcb00cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spcb00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	smc2.0_firmware	v600r006c00spc700	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc700:::::::*
huawei	smc2.0_firmware	v600r006c00spc800	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc800:::::::*
huawei	smc2.0_firmware	v600r006c10spc500	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc500:::::::*
huawei	smc2.0_firmware	v600r006c10spc600	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc600:::::::*
huawei	smc2.0_firmware	v600r006c10spc601	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc601:::::::*
huawei	smc2.0_firmware	v600r006c10spc602	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc602:::::::*
huawei	smc2.0_firmware	v600r006c10spc700	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc700:::::::*
huawei	smc2.0_firmware	v600r006c10spc800	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc800:::::::*
huawei	smc2.0_firmware	v600r006c10spca00	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spca00:::::::*
huawei	smc2.0_firmware	v600r006c10spcb00	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spcb00:::::::*

Rows per page:

1-10 of 151

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for HUAWEI-SA-20201230-01-PE