CVE-2020-9209

CWE-862Missing AuthorizationCWE-269Improper Privilege Management3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 94.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Smc2.0 Firmware
Timeline
PublishedJan 13
Latest updateMay 24

Description

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5smc2.0V600R006C00SPC700,V600R006C00SPC800,V600R006C10SPC500,V600R006C10SPC600,V600R006C10SPC601,V600R006C10SPC602,V600R006C10SPC700,V600R006C10SPC800,V600R006C10SPCa00,V600R006C10SPCb00,V600R006C10SPCc00,V600R006C10SPCd00,V600R006C10SPCe00,V600R019C00,V600R019C10
NVDhuawei/smc2.0_firmware15 versions+14

🔴Vulnerability Details

2
GHSA
GHSA-wqm8-5876-3578: There is a privilege escalation vulnerability in SMC22022-05-24
CVEList
CVE-2020-9209: There is a privilege escalation vulnerability in SMC22021-01-13
CVE-2020-9209 (MEDIUM CVSS 6.7) | There is a privilege escalation vul | cvebase.io