Lucene search

Huawei TechnologiesHUAWEI-SA-20201111-02-INJECTION

HistoryNov 11, 2020 - 12:00 a.m.

Security Advisory - Command Injection Vulnerability in Some Huawei Products

2020-11-1100:00:00

Huawei Technologies

www.huawei.com

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection. (Vulnerability ID: HWPSIRT-2020-59877)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9127.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en

Affected configurations

Vulners

Node

huaweinip6300Matchv500r001c30

huaweinip6300Matchv500r001c60

huaweinip6600Matchv500r001c30

huaweinip6600Matchv500r001c60

huaweisecospace_usg6300Matchv500r001c30

huaweisecospace_usg6300Matchv500r001c60

huaweisecospace_usg6500Matchv500r001c30

huaweisecospace_usg6500Matchv500r001c60

huaweisecospace_usg6600Matchv500r001c30

huaweisecospace_usg6600Matchv500r001c60

huaweiusg9500Matchv500r001c30

huaweiusg9500Matchv500r001c60

CPENameOperatorVersion
nip6300eqV500R001C30
nip6300eqV500R001C60
nip6600eqV500R001C30
nip6600eqV500R001C60
secospace usg6300eqV500R001C30
secospace usg6300eqV500R001C60
secospace usg6500eqV500R001C30
secospace usg6500eqV500R001C60
secospace usg6600eqV500R001C30
secospace usg6600eqV500R001C60

Name	Operator	Version
nip6300	eq	V500R001C30
nip6300	eq	V500R001C60
nip6600	eq	V500R001C30
nip6600	eq	V500R001C60
secospace usg6300	eq	V500R001C30
secospace usg6300	eq	V500R001C60
secospace usg6500	eq	V500R001C30
secospace usg6500	eq	V500R001C60
secospace usg6600	eq	V500R001C30
secospace usg6600	eq	V500R001C60

Rows per page:

1-10 of 121

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for HUAWEI-SA-20201111-02-INJECTION