Lucene search

[email protected]NVD:CVE-2020-9137

HistoryDec 24, 2020 - 4:15 p.m.

CVE-2020-9137

2020-12-2416:15:16

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-9137

privilege escalation

cloudengine 12800

cloudengine 5800

cloudengine 6800

cloudengine 7800

insufficient input validation

local attacker

specially crafted scripts

successful exploit

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.

Affected configurations

Nvd

Node

huaweicloudengine_12800_firmwareMatchv200r002c50spc800

huaweicloudengine_12800_firmwareMatchv200r003c00spc810

huaweicloudengine_12800_firmwareMatchv200r005c00spc800

huaweicloudengine_12800_firmwareMatchv200r005c10spc800

huaweicloudengine_12800_firmwareMatchv200r019c00spc800

huaweicloudengine_12800_firmwareMatchv200r019c10spc800

AND

huaweicloudengine_12800Match-

Node

huaweicloudengine_5800_firmwareMatchv200r002c50spc800

huaweicloudengine_5800_firmwareMatchv200r003c00spc810

huaweicloudengine_5800_firmwareMatchv200r005c00spc800

huaweicloudengine_5800_firmwareMatchv200r005c10spc800

huaweicloudengine_5800_firmwareMatchv200r019c00spc800

huaweicloudengine_5800_firmwareMatchv200r019c10spc800

AND

huaweicloudengine_5800Match-

Node

huaweicloudengine_6800_firmwareMatchv200r002c50spc800

huaweicloudengine_6800_firmwareMatchv200r003c00spc810

huaweicloudengine_6800_firmwareMatchv200r005c00spc800

huaweicloudengine_6800_firmwareMatchv200r005c10spc800

huaweicloudengine_6800_firmwareMatchv200r005c20spc800

huaweicloudengine_6800_firmwareMatchv200r019c00spc800

huaweicloudengine_6800_firmwareMatchv200r019c10spc800

AND

huaweicloudengine_6800Match-

Node

huaweicloudengine_7800_firmwareMatchv200r002c50spc800

huaweicloudengine_7800_firmwareMatchv200r003c00spc810

huaweicloudengine_7800_firmwareMatchv200r005c00spc800

huaweicloudengine_7800_firmwareMatchv200r005c10spc800

huaweicloudengine_7800_firmwareMatchv200r019c00spc800

huaweicloudengine_7800_firmwareMatchv200r019c10spc800

AND

huaweicloudengine_7800Match-

VendorProductVersionCPE
huaweicloudengine_12800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800-cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	cloudengine_12800_firmware	v200r002c50spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:::::::*
huawei	cloudengine_12800_firmware	v200r003c00spc810	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:::::::*
huawei	cloudengine_12800_firmware	v200r005c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:::::::*
huawei	cloudengine_12800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:::::::*
huawei	cloudengine_12800	-	cpe:2.3:h:huawei:cloudengine_12800:-:::::::*
huawei	cloudengine_5800_firmware	v200r002c50spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:::::::*
huawei	cloudengine_5800_firmware	v200r003c00spc810	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:::::::*
huawei	cloudengine_5800_firmware	v200r005c00spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:::::::*

Rows per page:

1-10 of 291

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2020-9137

prion1 cvelist1 openvas1 huawei1 cve1