CVE-2020-9208 — Missing Authentication for Critical Function in Huawei Imanager Neteco 6000

CWE-306 — Missing Authentication for Critical Function CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Imanager Neteco 6000

Timeline

PublishedDec 29

Latest updateMay 24

Description

There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5huawei/imanager_neteco_6000V600R021C00

▶NVDhuawei/imanager_neteco_6000v600r021c00

🔴Vulnerability Details

GHSA

GHSA-vvq3-v6fg-g5vw: There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00↗2022-05-24

▶

CVEList

CVE-2020-9208: There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00↗2020-12-29

▶