CVE-2020-9199

Published Sep 3, 2020

Last updated 3 years ago

CVSS medium 6.8

Overview

Description: B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.7
Impact score: 10
Exploitability score: 5.1
Vector string: AV:A/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:b2368-22_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F352301-16EA-48A3-B8FF-80E0B39343BD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:b2368-22:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9F144A2-2B30-4674-B66D-A50948593434"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:b2368-57_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B66FA48B-331C-4F4E-BDB2-7D5978A5C148"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:b2368-57:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78D8ADD6-FACC-4F26-ABC3-EB6A530C8456"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:b2368-66_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA175370-603E-4A4E-89EF-8AF37788614A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:b2368-66:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "62A7FE7C-1ADC-4A64-9F53-78FEE0622CA6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References