Skip to main content

Fusioncompute CVE-2020-9242

HIGH
Command Injection (CWE-77)
2020-08-17 psirt@huawei.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 17, 2020 - 15:15 nvd
HIGH 8.8

DescriptionNVD

FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.

AnalysisAI

FusionCompute 8.0.0 have a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. Affected products include: Huawei Fusioncompute.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2020-9233 CRITICAL
9.1 Aug 17

FusionCompute 8.0.0 have an insufficient authentication vulnerability. Rated critical severity (CVSS 9.1), this vulnerab

CVE-2021-37102 HIGH
8.8 Nov 23

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default ce

CVE-2020-9114 HIGH
7.8 Dec 01

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Rated high severi

CVE-2020-9078 HIGH
7.8 Aug 10

FusionCompute 8.0.0 have local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is

CVE-2021-37105 HIGH
7.5 Sep 28

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Rated high severity (CVS

CVE-2020-9228 HIGH
7.5 Aug 14

FusionCompute 8.0.0 has an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2021-37106 HIGH
7.2 Sep 28

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when pro

CVE-2020-9116 HIGH
7.2 Dec 01

Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. Rated high severity (CVSS 7.2), th

CVE-2020-9248 MEDIUM
6.7 Jul 31

Huawei FusionComput 8.0.0 have an improper authorization vulnerability. Rated medium severity (CVSS 6.7), this vulnerabi

CVE-2016-6827 MEDIUM
6.5 Sep 26

Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated use

CVE-2016-4057 MEDIUM
6.5 Jun 30

Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource c

CVE-2017-8158 MEDIUM
6.5 Nov 22

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settin

Share

CVE-2020-9242 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy