Vulnerability CVE-2020-1811

Vulnerability CVE-2020-1811

Published: 2020-02-18

Description:

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.

Type:

CWE-74

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Huawei -> Gaussdb 200

References:

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-en

Copyright 2024, cxsecurity.com