CVE-2020-9102 Information
Description
There is a information leak vulnerability in some Huawei products and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800 V200R003C00SPC810 V200R005C00SPC800 V200R005C10SPC800 V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800 V200R003C00SPC810 V200R005C00SPC800 V200R005C10SPC800 V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800 V200R003C00SPC810 V200R005C00SPC800 V200R005C10SPC800 V200R005C20SPC800 V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800 V200R003C00SPC810 V200R005C00SPC800 V200R005C10SPC800 V200R019C00SPC800
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Reference
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
3.3
Share on: