Lucene search

[email protected]NVD:CVE-2020-9209

HistoryJan 13, 2021 - 11:15 p.m.

CVE-2020-9209

2021-01-1323:15:13

CWE-862

[email protected]

web.nvd.nist.gov

privilege escalation

smc2.0

directory limitation

compromise service

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Affected configurations

Nvd

Node

huaweismc2.0_firmwareMatchv600r006c00spc700

huaweismc2.0_firmwareMatchv600r006c00spc800

huaweismc2.0_firmwareMatchv600r006c10spc500

huaweismc2.0_firmwareMatchv600r006c10spc600

huaweismc2.0_firmwareMatchv600r006c10spc601

huaweismc2.0_firmwareMatchv600r006c10spc602

huaweismc2.0_firmwareMatchv600r006c10spc700

huaweismc2.0_firmwareMatchv600r006c10spc800

huaweismc2.0_firmwareMatchv600r006c10spca00

huaweismc2.0_firmwareMatchv600r006c10spcb00

huaweismc2.0_firmwareMatchv600r006c10spcc00

huaweismc2.0_firmwareMatchv600r006c10spcd00

huaweismc2.0_firmwareMatchv600r006c10spce00

huaweismc2.0_firmwareMatchv600r019c00

huaweismc2.0_firmwareMatchv600r019c10

AND

huaweismc2.0Match-

VendorProductVersionCPE
huaweismc2.0_firmwarev600r006c00spc700cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc700:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c00spc800cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc800:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc500cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc500:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc600cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc600:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc601cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc601:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc602cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc602:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc700cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc700:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spc800cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc800:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spca00cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spca00:*:*:*:*:*:*:*
huaweismc2.0_firmwarev600r006c10spcb00cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spcb00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	smc2.0_firmware	v600r006c00spc700	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc700:::::::*
huawei	smc2.0_firmware	v600r006c00spc800	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00spc800:::::::*
huawei	smc2.0_firmware	v600r006c10spc500	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc500:::::::*
huawei	smc2.0_firmware	v600r006c10spc600	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc600:::::::*
huawei	smc2.0_firmware	v600r006c10spc601	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc601:::::::*
huawei	smc2.0_firmware	v600r006c10spc602	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc602:::::::*
huawei	smc2.0_firmware	v600r006c10spc700	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc700:::::::*
huawei	smc2.0_firmware	v600r006c10spc800	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spc800:::::::*
huawei	smc2.0_firmware	v600r006c10spca00	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spca00:::::::*
huawei	smc2.0_firmware	v600r006c10spcb00	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c10spcb00:::::::*

Rows per page:

1-10 of 161

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-9209

huawei1 cve1 cvelist1 prion1