Details of VAR-202012-1399

ID

VAR-202012-1399

CVE

CVE-2020-9116

TITLE

Huawei FusionCompute Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013713

DESCRIPTION

Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Huawei FusionCompute Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Both Huawei FusionCompute and Huawei FusionCompute are products of the Chinese company Huawei. FusionCompute is a computer virtualization engine. The product provides Virtual Resource Manager (VRM) and Compute Node Agent (CNA), etc. Huawei FusionCompute is a software for virtualization support. The software is a virtualization engine that provides virtualization support for cloud hosts

Trust: 1.71

sources: NVD: CVE-2020-9116 // JVNDB: JVNDB-2020-013713 // VULHUB: VHN-187241

AFFECTED PRODUCTS

vendor:	huawei	model:	fusioncompute	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	huawei	model:	fusioncompute	scope:	eq	version:	6.5.1	Trust: 1.0
vendor:	huawei	model:	fusioncompute	scope:	eq	version:	fusioncompute firmware 8.0.0	Trust: 0.8
vendor:	huawei	model:	fusioncompute	scope:	eq	version:	fusioncompute firmware 6.5.1	Trust: 0.8
vendor:	huawei	model:	fusioncompute	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013713 // NVD: CVE-2020-9116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9116
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9116
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-2094
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187241
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9116
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187241
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9116
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9116
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187241 // JVNDB: JVNDB-2020-013713 // CNNVD: CNNVD-202011-2094 // NVD: CVE-2020-9116

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-187241 // JVNDB: JVNDB-2020-013713 // NVD: CVE-2020-9116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-2094

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202011-2094

PATCH

title:	huawei-sa-20201118-01-fusioncompute	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en	Trust: 0.8
title:	Huawei FusionCompute Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135881	Trust: 0.6

sources: JVNDB: JVNDB-2020-013713 // CNNVD: CNNVD-202011-2094

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9116	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013713	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-2094	Trust: 0.7
db:	CNVD	id:	CNVD-2020-68551	Trust: 0.1
db:	VULHUB	id:	VHN-187241	Trust: 0.1

sources: VULHUB: VHN-187241 // JVNDB: JVNDB-2020-013713 // CNNVD: CNNVD-202011-2094 // NVD: CVE-2020-9116

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9116	Trust: 1.4

sources: VULHUB: VHN-187241 // JVNDB: JVNDB-2020-013713 // CNNVD: CNNVD-202011-2094 // NVD: CVE-2020-9116

SOURCES

db:	VULHUB	id:	VHN-187241
db:	JVNDB	id:	JVNDB-2020-013713
db:	CNNVD	id:	CNNVD-202011-2094
db:	NVD	id:	CVE-2020-9116

LAST UPDATE DATE

2024-11-23T22:11:10.101000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187241	date:	2020-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-013713	date:	2021-07-12T03:17:00
db:	CNNVD	id:	CNNVD-202011-2094	date:	2020-12-03T00:00:00
db:	NVD	id:	CVE-2020-9116	date:	2024-11-21T05:40:04.487

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187241	date:	2020-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-013713	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202011-2094	date:	2020-11-30T00:00:00
db:	NVD	id:	CVE-2020-9116	date:	2020-12-01T00:15:11.507