Details of VAR-202008-1052

ID

VAR-202008-1052

CVE

CVE-2020-9079

TITLE

FusionSphere OpenStack Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009187

DESCRIPTION

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. FusionSphere OpenStack Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. Huawei FusionSphere OpenStack is an OpenStack-based cloud operating system developed by China's Huawei (Huawei). There is a security vulnerability in Huawei FusionSphere OpenStack version 8.0.0

Trust: 1.71

sources: NVD: CVE-2020-9079 // JVNDB: JVNDB-2020-009187 // VULHUB: VHN-187204

AFFECTED PRODUCTS

vendor:	huawei	model:	fusionsphere openstack	scope:	eq	version:	8.0.0	Trust: 1.8
vendor:	huawei	model:	fusionsphere openstack	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-009187 // NVD: CVE-2020-9079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9079
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9079
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-158
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9079
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187204
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9079
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9079
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187204 // JVNDB: JVNDB-2020-009187 // CNNVD: CNNVD-202008-158 // NVD: CVE-2020-9079

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-009187 // NVD: CVE-2020-9079

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202008-158

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-158

PATCH

title:	huawei-sa-20200805-01-failure	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-failure-en	Trust: 0.8
title:	Huawei FusionSphere OpenStack Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125498	Trust: 0.6

sources: JVNDB: JVNDB-2020-009187 // CNNVD: CNNVD-202008-158

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9079	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-009187	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-158	Trust: 0.7
db:	VULHUB	id:	VHN-187204	Trust: 0.1

sources: VULHUB: VHN-187204 // JVNDB: JVNDB-2020-009187 // CNNVD: CNNVD-202008-158 // NVD: CVE-2020-9079

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-failure-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9079	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200805-01-failure-cn	Trust: 0.6

sources: VULHUB: VHN-187204 // JVNDB: JVNDB-2020-009187 // CNNVD: CNNVD-202008-158 // NVD: CVE-2020-9079

SOURCES

db:	VULHUB	id:	VHN-187204
db:	JVNDB	id:	JVNDB-2020-009187
db:	CNNVD	id:	CNNVD-202008-158
db:	NVD	id:	CVE-2020-9079

LAST UPDATE DATE

2024-11-23T23:11:18.252000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187204	date:	2020-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-009187	date:	2020-10-22T08:36:00
db:	CNNVD	id:	CNNVD-202008-158	date:	2020-08-13T00:00:00
db:	NVD	id:	CVE-2020-9079	date:	2024-11-21T05:39:59.417

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187204	date:	2020-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-009187	date:	2020-10-22T00:00:00
db:	CNNVD	id:	CNNVD-202008-158	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-9079	date:	2020-08-11T02:15:12.350