CVE-2020-9248 — Incorrect Authorization in Huawei Fusioncompute

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 92.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Fusioncompute

Timeline

PublishedJul 31

Latest updateMay 24

Description

Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5huawei/fusioncompute8.0.0

▶NVDhuawei/fusioncompute8.0.0

🔴Vulnerability Details

GHSA

GHSA-vw9w-fmv7-hq4h: Huawei FusionComput 8↗2022-05-24

▶

CVEList

CVE-2020-9248: Huawei FusionComput 8↗2020-07-31

▶