CVE-2020-9116

{"id": "CVE-2020-9116", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-12-01T00:15:11.507", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege."}, {"lang": "es", "value": "Las versiones 6.5.1 y 8.0.0 de Huawei FusionCompute tienen una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante remoto autenticado puede dise\u00f1ar una petici\u00f3n espec\u00edfica para aprovechar esta vulnerabilidad. Debido a una verificaci\u00f3n insuficiente, esto podr\u00eda aprovecharse para hacer que los atacantes obtengan un mayor privilegio"}], "lastModified": "2024-11-21T05:40:04.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:fusioncompute:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "916284A3-6895-4F2C-9426-240F4EB7336F"}, {"criteria": "cpe:2.3:a:huawei:fusioncompute:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D251AD0-6227-4190-815F-B526F40D8A43"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}