CVE-2020-9225

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 94.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Fusionsphere Openstack

Timeline

PublishedJun 18

Latest updateMay 24

Description

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fusionsphere_openstack6.5.1

▶NVDhuawei/fusionsphere_openstack6.5.1

🔴Vulnerability Details

GHSA

GHSA-vpqm-qcm6-93g3: FusionSphere OpenStack 6↗2022-05-24

▶

CVEList

CVE-2020-9225: FusionSphere OpenStack 6↗2020-06-18

▶