Details of VAR-202002-0577

ID

VAR-202002-0577

CVE

CVE-2020-1811

TITLE

GaussDB 200 Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002062

DESCRIPTION

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. GaussDB 200 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei GaussDB 200 is a distributed parallel relational database system developed by China Huawei (Huawei) based on the open source database Postgres-XC

Trust: 1.71

sources: NVD: CVE-2020-1811 // JVNDB: JVNDB-2020-002062 // VULHUB: VHN-171355

AFFECTED PRODUCTS

vendor:

huawei

model:

gaussdb 200

scope:

version:

6.5.1

Trust: 2.4

sources: JVNDB: JVNDB-2020-002062 // CNNVD: CNNVD-202001-894 // NVD: CVE-2020-1811

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1811
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002062
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202001-894
value:	HIGH
Trust: 0.6
VULHUB:	VHN-171355
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-1811
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002062
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-171355
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1811
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002062
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-171355 // JVNDB: JVNDB-2020-002062 // CNNVD: CNNVD-202001-894 // NVD: CVE-2020-1811

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-74	Trust: 0.9

sources: VULHUB: VHN-171355 // JVNDB: JVNDB-2020-002062 // NVD: CVE-2020-1811

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-894

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202001-894

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002062

PATCH

title:	huawei-sa-20200120-01-gaussdb200	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-en	Trust: 0.8
title:	Huawei GaussDB 200 Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110664	Trust: 0.6

sources: JVNDB: JVNDB-2020-002062 // CNNVD: CNNVD-202001-894

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1811	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-002062	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-894	Trust: 0.7
db:	VULHUB	id:	VHN-171355	Trust: 0.1

sources: VULHUB: VHN-171355 // JVNDB: JVNDB-2020-002062 // CNNVD: CNNVD-202001-894 // NVD: CVE-2020-1811

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1811	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1811	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-cn	Trust: 0.6

sources: VULHUB: VHN-171355 // JVNDB: JVNDB-2020-002062 // CNNVD: CNNVD-202001-894 // NVD: CVE-2020-1811

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202001-894

SOURCES

db:	VULHUB	id:	VHN-171355
db:	JVNDB	id:	JVNDB-2020-002062
db:	CNNVD	id:	CNNVD-202001-894
db:	NVD	id:	CVE-2020-1811

LAST UPDATE DATE

2024-11-23T23:04:29.121000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-171355	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-002062	date:	2020-03-03T00:00:00
db:	CNNVD	id:	CNNVD-202001-894	date:	2020-02-28T00:00:00
db:	NVD	id:	CVE-2020-1811	date:	2024-11-21T05:11:25.590

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-171355	date:	2020-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-002062	date:	2020-03-03T00:00:00
db:	CNNVD	id:	CNNVD-202001-894	date:	2020-01-20T00:00:00
db:	NVD	id:	CVE-2020-1811	date:	2020-02-18T00:15:11.180