Details of VAR-202012-1408

ID

VAR-202012-1408

CVE

CVE-2020-9200

TITLE

Huawei of iManager NetEco 6000 In CSV Vulnerability in neutralizing math elements in files

Trust: 0.8

sources: JVNDB: JVNDB-2020-018297

DESCRIPTION

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. Huawei of iManager NetEco 6000 for, CSV A vulnerability exists regarding the neutralization of formula elements in files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei Imanager Neteco 6000 is a platform provided by China's Huawei (Huawei) to provide management methods for data center infrastructure. The platform can implement unified management for medium and large data centers and multi-data centers. Through U-level fine-grained management of assets in the data center, dynamic balance and optimization of power, cooling, space, network ports and other means can improve the resources in the data center. utilization rate

Trust: 1.71

sources: NVD: CVE-2020-9200 // JVNDB: JVNDB-2020-018297 // VULHUB: VHN-187325

AFFECTED PRODUCTS

vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	v600r021c00	Trust: 1.8
vendor:	huawei	model:	imanager neteco 6000	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-018297 // NVD: CVE-2020-9200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9200
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9200
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-798
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187325
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9200
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187325
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9200
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9200
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187325 // JVNDB: JVNDB-2020-018297 // CNNVD: CNNVD-202012-798 // NVD: CVE-2020-9200

PROBLEMTYPE DATA

problemtype:	CWE-1236	Trust: 1.0
problemtype:	CSV Improper neutralization of math elements in the file (CWE-1236) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018297 // NVD: CVE-2020-9200

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-798

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-798

PATCH

title:

Huawei Imanager Neteco 6000 Repair measures for injecting vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138055

Trust: 0.6

sources: CNNVD: CNNVD-202012-798

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9200	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-018297	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-798	Trust: 0.7
db:	VULHUB	id:	VHN-187325	Trust: 0.1

sources: VULHUB: VHN-187325 // JVNDB: JVNDB-2020-018297 // CNNVD: CNNVD-202012-798 // NVD: CVE-2020-9200

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9200	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-cn	Trust: 0.6

sources: VULHUB: VHN-187325 // JVNDB: JVNDB-2020-018297 // CNNVD: CNNVD-202012-798 // NVD: CVE-2020-9200

SOURCES

db:	VULHUB	id:	VHN-187325
db:	JVNDB	id:	JVNDB-2020-018297
db:	CNNVD	id:	CNNVD-202012-798
db:	NVD	id:	CVE-2020-9200

LAST UPDATE DATE

2024-11-23T22:40:49.341000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187325	date:	2020-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-018297	date:	2024-07-18T10:27:00
db:	CNNVD	id:	CNNVD-202012-798	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-9200	date:	2024-11-21T05:40:08.917

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187325	date:	2020-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-018297	date:	2024-07-18T00:00:00
db:	CNNVD	id:	CNNVD-202012-798	date:	2020-12-09T00:00:00
db:	NVD	id:	CVE-2020-9200	date:	2020-12-24T16:15:16.087