Main Vulnerability Database Vulnerabilities #VU48390

#VU48390 OS Command Injection in Huawei products - CVE-2020-9127

Published: November 12, 2020

Vulnerability identifier: #VU48390

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-9127

CWE-ID: CWE-78

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Huawei NIP6300
Huawei NIP6600
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500

Software vendor:
Huawei

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A local administrator attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en

#VU48390 OS Command Injection in Huawei products - CVE-2020-9127

Description

Remediation

External links

Please verify you're human