Main Vulnerability Database Vulnerabilities #VU48749

#VU48749 Permissions, Privileges, and Access Controls in Huawei products - CVE-2020-9137

Published: December 2, 2020

Vulnerability identifier: #VU48749

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-9137

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Huawei CloudEngine 12800
Huawei CloudEngine 5800
Huawei CloudEngine 6800
Huawei CloudEngine 7800

Software vendor:
Huawei

Description

The vulnerability allows a local administrator to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en