CVE-2020-9116Command Injection in Huawei Fusioncompute

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
1.5%
top 19.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Fusioncompute
Timeline
PublishedDec 1
Latest updateMay 24

Description

Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5huawei/fusioncompute6.5.1,8.0.0
NVDhuawei/fusioncompute6.5.1, 8.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-mm4v-hxm2-mccj: Huawei FusionCompute versions 62022-05-24
CVEList
CVE-2020-9116: Huawei FusionCompute versions 62020-11-30
CVE-2020-9116 — Command Injection in Huawei | cvebase