CVE-2020-9200

CWE-1236CWE-20Improper Input ValidationCWE-3885 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 80.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Imanager Neteco 6000
Timeline
PublishedDec 24
Latest updateMay 24

Description

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5imanager_neteco_6000V600R021C00

🔴Vulnerability Details

2
GHSA
GHSA-g6c2-ghr3-xmvw: There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C002022-05-24
CVEList
CVE-2020-9200: There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C002020-12-24

📋Vendor Advisories

2
Cisco
Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability2020-09-24
Cisco
Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability2020-09-24
CVE-2020-9200 (HIGH CVSS 7.8) | There has a CSV injection vulnerabi | cvebase.io