Sign-up

ID

VAR-202008-1043


CVE

CVE-2020-9233


TITLE

FusionCompute Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009589

DESCRIPTION

FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal. FusionCompute There is an authentication vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Huawei FusionCompute is a computer virtualization engine of China's Huawei (Huawei) company. The product provides virtual resource manager (VRM) and compute node agent (CNA), etc

Trust: 2.25

sources: NVD: CVE-2020-9233 // JVNDB: JVNDB-2020-009589 // CNVD: CNVD-2020-49547 // VULHUB: VHN-187358

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49547

AFFECTED PRODUCTS

vendor:huaweimodel:fusioncomputescope:eqversion:8.0.0

Trust: 2.4

sources: CNVD: CNVD-2020-49547 // JVNDB: JVNDB-2020-009589 // NVD: CVE-2020-9233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9233
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009589
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-49547
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-860
value: CRITICAL

Trust: 0.6

VULHUB: VHN-187358
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9233
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009589
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-49547
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-187358
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9233
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009589
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-49547 // VULHUB: VHN-187358 // JVNDB: JVNDB-2020-009589 // CNNVD: CNNVD-202008-860 // NVD: CVE-2020-9233

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-187358 // JVNDB: JVNDB-2020-009589 // NVD: CVE-2020-9233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-860

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202008-860

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009589

PATCH
title:huawei-sa-20200812-01-authenticationurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-authentication-en
Trust: 0.8
title:Patch for Huawei FusionCompute authorization issue vulnerability (CNVD-2020-49547)url:https://www.cnvd.org.cn/patchInfo/show/231859
Trust: 0.6
title:Huawei FusionCompute Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126547
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49547 // 
            
            
            
            JVNDB: JVNDB-2020-009589 // 
            
            
            
            CNNVD: CNNVD-202008-860

EXTERNAL IDS
db:NVDid:CVE-2020-9233
Trust: 3.1
db:JVNDBid:JVNDB-2020-009589
Trust: 0.8
db:CNVDid:CNVD-2020-49547
Trust: 0.7
db:CNNVDid:CNNVD-202008-860
Trust: 0.7
db:NSFOCUSid:48736
Trust: 0.6
db:VULHUBid:VHN-187358
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-49547 // 
            
            
            
            VULHUB: VHN-187358 // 
            
            
            
            JVNDB: JVNDB-2020-009589 // 
            
            
            
            CNNVD: CNNVD-202008-860 // 
            
            
            
            NVD: CVE-2020-9233

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-9233
Trust: 2.0
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-authentication-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9233
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48736
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49547 // 
            
            
            
            VULHUB: VHN-187358 // 
            
            
            
            JVNDB: JVNDB-2020-009589 // 
            
            
            
            CNNVD: CNNVD-202008-860 // 
            
            
            
            NVD: CVE-2020-9233

SOURCES
db:CNVDid:CNVD-2020-49547
db:VULHUBid:VHN-187358
db:JVNDBid:JVNDB-2020-009589
db:CNNVDid:CNNVD-202008-860
db:NVDid:CVE-2020-9233

LAST UPDATE DATE
2024-11-23T22:55:05.274000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-49547date:2020-08-31T00:00:00
db:VULHUBid:VHN-187358date:2020-08-21T00:00:00
db:JVNDBid:JVNDB-2020-009589date:2020-11-19T05:37:50
db:CNNVDid:CNNVD-202008-860date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9233date:2024-11-21T05:40:12.563

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-49547date:2020-08-26T00:00:00
db:VULHUBid:VHN-187358date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009589date:2020-11-19T05:37:50
db:CNNVDid:CNNVD-202008-860date:2020-08-17T00:00:00
db:NVDid:CVE-2020-9233date:2020-08-17T16:15:13.937