Skip to main content

Fusionsphere Openstack CVE-2020-9225

HIGH
Improper Privilege Management (CWE-269)
2020-06-18 psirt@huawei.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 18, 2020 - 14:15 nvd
HIGH 7.8

DescriptionNVD

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.

AnalysisAI

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege. Affected products include: Huawei Fusionsphere Openstack.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2017-8135 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-2719 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-2718 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-8194 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8195 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8134 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8132 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8131 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2020-9079 HIGH
8.8 Aug 11

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vul

CVE-2017-8193 HIGH
8.0 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Rated high severity (CVSS 8.0),

CVE-2017-2714 HIGH
8.0 Nov 22

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. Rated

CVE-2017-8192 HIGH
7.8 Nov 22

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vul

Share

CVE-2020-9225 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy