Details of VAR-202010-1181

ID

VAR-202010-1181

CVE

CVE-2020-9090

TITLE

FusionAccess Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-012143

DESCRIPTION

FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. FusionAccess Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei smartphones could allow a local authenticated malicious user to bypass security restrictions, caused by an improper authorization vulnerability

Trust: 1.8

sources: NVD: CVE-2020-9090 // JVNDB: JVNDB-2020-012143 // VULHUB: VHN-187215 // VULMON: CVE-2020-9090

AFFECTED PRODUCTS

vendor:	huawei	model:	fusionaccess	scope:	eq	version:	6.5.1	Trust: 1.8
vendor:	huawei	model:	fusionaccess	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012143 // NVD: CVE-2020-9090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9090
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9090
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202009-1695
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187215
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9090
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9090
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-187215
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9090
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9090
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187215 // VULMON: CVE-2020-9090 // JVNDB: JVNDB-2020-012143 // CNNVD: CNNVD-202009-1695 // NVD: CVE-2020-9090

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-187215 // JVNDB: JVNDB-2020-012143 // NVD: CVE-2020-9090

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1695

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-1695

PATCH

title:	huawei-sa-20200930-01-fa	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en	Trust: 0.8
title:	Huawei FusionAccess Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130388	Trust: 0.6

sources: JVNDB: JVNDB-2020-012143 // CNNVD: CNNVD-202009-1695

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9090	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012143	Trust: 0.8
db:	NSFOCUS	id:	49656	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1695	Trust: 0.6
db:	CNVD	id:	CNVD-2020-57584	Trust: 0.1
db:	VULHUB	id:	VHN-187215	Trust: 0.1
db:	VULMON	id:	CVE-2020-9090	Trust: 0.1

sources: VULHUB: VHN-187215 // VULMON: CVE-2020-9090 // JVNDB: JVNDB-2020-012143 // CNNVD: CNNVD-202009-1695 // NVD: CVE-2020-9090

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9090	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/49656	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-fa-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189289	Trust: 0.1

sources: VULHUB: VHN-187215 // VULMON: CVE-2020-9090 // JVNDB: JVNDB-2020-012143 // CNNVD: CNNVD-202009-1695 // NVD: CVE-2020-9090

SOURCES

db:	VULHUB	id:	VHN-187215
db:	VULMON	id:	CVE-2020-9090
db:	JVNDB	id:	JVNDB-2020-012143
db:	CNNVD	id:	CNNVD-202009-1695
db:	NVD	id:	CVE-2020-9090

LAST UPDATE DATE

2024-11-23T22:47:50.418000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187215	date:	2021-07-21T00:00:00
db:	VULMON	id:	CVE-2020-9090	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012143	date:	2021-04-26T07:54:00
db:	CNNVD	id:	CNNVD-202009-1695	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-9090	date:	2024-11-21T05:40:00.040

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187215	date:	2020-10-12T00:00:00
db:	VULMON	id:	CVE-2020-9090	date:	2020-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-012143	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202009-1695	date:	2020-09-30T00:00:00
db:	NVD	id:	CVE-2020-9090	date:	2020-10-12T14:15:14.073