CVE-2020-9236

There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:huawei:fusioncompute:8.0.0:*:*:*:*:*:*:*

History

14 Jan 2025, 18:35

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en -~~	() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:huawei:fusioncompute:8.0.0:::::::*
Summary		(es) Existe una vulnerabilidad de diseño de interfaz incorrecta en un producto de Huawei. La interfaz de un módulo del producto afectado no gestiona correctamente algunas operaciones. Los atacantes pueden aprovechar esta vulnerabilidad para realizar operaciones maliciosas que pongan en peligro el servicio del módulo. (ID de vulnerabilidad: HWPSIRT-2020-05010) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposición común (CVE): CVE-2020-9236.
First Time		Huawei fusioncompute Huawei

27 Dec 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 10:15

Updated : 2025-01-14 18:35

NVD link : CVE-2020-9236

Mitre link : CVE-2020-9236

CVE.ORG link : CVE-2020-9236

JSON object : View

Products Affected

huawei

fusioncompute

CWE

CWE-451

User Interface (UI) Misrepresentation of Critical Information

NVD-CWE-noinfo

{"id": "CVE-2020-9236", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@huawei.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-12-27T10:15:15.930", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@huawei.com", "description": [{"lang": "en", "value": "CWE-451"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236."}, {"lang": "es", "value": "Existe una vulnerabilidad de dise\u00f1o de interfaz incorrecta en un producto de Huawei. La interfaz de un m\u00f3dulo del producto afectado no gestiona correctamente algunas operaciones. Los atacantes pueden aprovechar esta vulnerabilidad para realizar operaciones maliciosas que pongan en peligro el servicio del m\u00f3dulo. (ID de vulnerabilidad: HWPSIRT-2020-05010) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9236."}], "lastModified": "2025-01-14T18:35:32.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:fusioncompute:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D251AD0-6227-4190-815F-B526F40D8A43"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}