Details of VAR-202009-1321

ID

VAR-202009-1321

CVE

CVE-2020-9199

TITLE

Command Injection Vulnerabilities in Multiple Huawei Products

Trust: 0.6

sources: CNVD: CNVD-2022-73696

DESCRIPTION

B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. Huawei B2368-22, etc. are all high-performance outdoor CPE terminals from Huawei (Huawei)

Trust: 1.44

sources: NVD: CVE-2020-9199 // CNVD: CNVD-2022-73696

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-73696

AFFECTED PRODUCTS

vendor:	huawei	model:	b2368-57	scope:	eq	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	b2368-22	scope:	eq	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	b2368-66	scope:	eq	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	b2368-57 v100r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	b2368-22 v100r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	b2368-66 v100r001c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-73696 // NVD: CVE-2020-9199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9199
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2022-73696
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202009-136
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9199
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2022-73696
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9199
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-73696 // CNNVD: CNNVD-202009-136 // NVD: CVE-2020-9199

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2020-9199

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-136

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202009-136

PATCH

title:	Patch for Command Injection Vulnerabilities in Multiple Huawei Products	url:	https://www.cnvd.org.cn/patchInfo/show/360051	Trust: 0.6
title:	Repair measures for security vulnerabilities in many Huawei products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127395	Trust: 0.6

sources: CNVD: CNVD-2022-73696 // CNNVD: CNNVD-202009-136

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9199	Trust: 2.2
db:	CNVD	id:	CNVD-2022-73696	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-136	Trust: 0.6

sources: CNVD: CNVD-2022-73696 // CNNVD: CNNVD-202009-136 // NVD: CVE-2020-9199

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9199	Trust: 1.2
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200902-01-command-cn	Trust: 0.6

sources: CNVD: CNVD-2022-73696 // CNNVD: CNNVD-202009-136 // NVD: CVE-2020-9199

SOURCES

db:	CNVD	id:	CNVD-2022-73696
db:	CNNVD	id:	CNNVD-202009-136
db:	NVD	id:	CVE-2020-9199

LAST UPDATE DATE

2024-11-23T22:37:14.739000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-73696	date:	2022-11-04T00:00:00
db:	CNNVD	id:	CNNVD-202009-136	date:	2022-03-08T00:00:00
db:	NVD	id:	CVE-2020-9199	date:	2024-11-21T05:40:08.770

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-73696	date:	2022-11-04T00:00:00
db:	CNNVD	id:	CNNVD-202009-136	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2020-9199	date:	2020-09-03T18:15:15.223