| |
Vulnerability CVE-2020-9199
Published: 2020-09-03
| Description: |
B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. |
Type:
CWE-94 (Improper Control of Generation of Code ('Code Injection'))
CVSS2 => (AV:A/AC:L/Au:S/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.7/10 |
10/10 |
5.1/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
