CVE-2020-9207 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Cloudengine 12800 Firmware	v200r019c00spc800
Huawei	Cloudengine 12800	-
Huawei	Cloudengine 5800 Firmware	v200r019c00spc800
Huawei	Cloudengine 5800	-
Huawei	Cloudengine 6800 Firmware	v200r005c20spc800
Huawei	Cloudengine 6800	-
Huawei	Cloudengine 7800 Firmware	v200r019c00spc800
Huawei	Cloudengine 7800	-

Related Weaknesses (CWE)

CWE-287

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-enVendor Advisory

FAQ

What is CVE-2020-9207?

CVE-2020-9207 is a vulnerability with a CVSS score of 7.8 (HIGH). There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting...

How severe is CVE-2020-9207?

CVE-2020-9207 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9207?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Cloudengine 12800 Firmware, Huawei Cloudengine 12800, Huawei Cloudengine 5800 Firmware, Huawei Cloudengine 5800, Huawei Cloudengine 6800 Firmware.