CVE-2020-9127 Information
Jun 07, 2022
cve
Description
Some Huawei products have a command injection vulnerability. Due to insufficient input validation an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30V500R001C60;NIP6600 versions V500R001C30V500R001C60;Secospace USG6300 versions V500R001C30V500R001C60;Secospace USG6500 versions V500R001C30V500R001C60;Secospace USG6600 versions V500R001C30V500R001C60;USG9500 versions V500R001C30V500R001C60.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
6.7
Share on: