CVE-2020-9200

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en	Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:huawei:imanager_neteco_6000:v600r021c00:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en - Vendor Advisory~~	() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en - Vendor Advisory

Information

Published : 2020-12-24 16:15

Updated : 2024-11-21 05:40

NVD link : CVE-2020-9200

Mitre link : CVE-2020-9200

CVE.ORG link : CVE-2020-9200

JSON object : View

Products Affected

huawei

imanager_neteco_6000

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2020-9200", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-12-24T16:15:16.087", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n de CSV en iManager NetEco 6000 versiones V600R021C00. Un atacante con privilegios comunes puede explotar esta vulnerabilidad mediante algunas operaciones para inyectar archivos CSV. Debido a una comprobaci\u00f3n insuficiente de la entrada de algunos par\u00e1metros, el atacante puede explotar esta vulnerabilidad para inyectar archivos CSV en el dispositivo objetivo"}], "lastModified": "2024-11-21T05:40:08.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r021c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7041153F-49FC-4E82-B0C5-8189EC53DA9F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}