CVE-2020-9115

EUVD-2020-29944
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
huaweimanageone
6.5.0
huaweimanageone
6.5.1.1:b010
huaweimanageone
6.5.1.1:b020
huaweimanageone
6.5.1.1:b030
huaweimanageone
6.5.1.1:b040
huaweimanageone
6.5.1.1:b050
huaweimanageone
8.0.0
huaweimanageone
8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en