ID

VAR-202007-1261


CVE

CVE-2020-9248


TITLE

Unauthorized authentication vulnerability in Huawei FusionCompute

Trust: 0.8

sources: JVNDB: JVNDB-2020-008934

DESCRIPTION

Huawei FusionCompute 8.0.0 has an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch a privilege escalation attack. This can compromise normal service. A fraudulent authentication vulnerability exists in Huawei FusionCompute. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Huawei FusionCompute is a computer virtualization engine developed by Huawei in China. The product provides Virtual Resource Manager (VRM), Compute Node Agent (CNA), and other components. Attackers can use this vulnerability to elevate their privileges and affect the normal service of the device.

Trust: 1.71

sources: NVD: CVE-2020-9248 // JVNDB: JVNDB-2020-008934 // VULHUB: VHN-187373

AFFECTED PRODUCTS

vendor: huawei, model: fusioncompute, scope: eq, version: 8.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2020-008934 // NVD: CVE-2020-9248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9248
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008934
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1717
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187373
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9248
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008934
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187373
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9248
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008934
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187373 // JVNDB: JVNDB-2020-008934 // CNNVD: CNNVD-202007-1717 // NVD: CVE-2020-9248

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 0.9

sources: VULHUB: VHN-187373 // JVNDB: JVNDB-2020-008934 // NVD: CVE-2020-9248

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1717

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1717

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008934

PATCH

title: huawei-sa-20200729-01-fc, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-fc-en

Trust: 0.8

title: Huawei FusionCompute Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125221

Trust: 0.6

sources: JVNDB: JVNDB-2020-008934 // CNNVD: CNNVD-202007-1717

EXTERNAL IDS

db: NVD, id: CVE-2020-9248

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008934

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1717

Trust: 0.7

db: NSFOCUS, id: 47798

Trust: 0.6

db: VULHUB, id: VHN-187373

Trust: 0.1

sources: VULHUB: VHN-187373 // JVNDB: JVNDB-2020-008934 // CNNVD: CNNVD-202007-1717 // NVD: CVE-2020-9248

REFERENCES

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-fc-en

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-9248

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9248

Trust: 0.8

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200729-01-fc-cn

Trust: 0.6

url: http://www.nsfocus.net/vulndb/47798

Trust: 0.6

sources: VULHUB: VHN-187373 // JVNDB: JVNDB-2020-008934 // CNNVD: CNNVD-202007-1717 // NVD: CVE-2020-9248

SOURCES

db: VULHUB, id: VHN-187373
db: JVNDB, id: JVNDB-2020-008934
db: CNNVD, id: CNNVD-202007-1717
db: NVD, id: CVE-2020-9248

LAST UPDATE DATE

2024-11-23T23:01:20+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187373, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-008934, date: 2020-10-07T00:00:00
db: CNNVD, id: CNNVD-202007-1717, date: 2020-08-17T00:00:00
db: NVD, id: CVE-2020-9248, date: 2024-11-21T05:40:16.183

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187373, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008934, date: 2020-10-07T00:00:00
db: CNNVD, id: CNNVD-202007-1717, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-9248, date: 2020-07-31T13:15:12.710