CVE-2020-9200 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Imanager Neteco 6000	v600r021c00

Related Weaknesses (CWE)

CWE-1236

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjVendor Advisory

FAQ

What is CVE-2020-9200?

CVE-2020-9200 is a vulnerability with a CVSS score of 7.8 (HIGH). There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. ...

How severe is CVE-2020-9200?

CVE-2020-9200 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9200?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Imanager Neteco 6000.