{"containers": {"cna": {"affected": [{"product": "CloudEngine 12800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "CloudEngine 5800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "CloudEngine 6800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R005C20SPC800"}, {"status": "affected", "version": "V200R019C00SPC800"}]}, {"product": "CloudEngine 7800", "vendor": "Huawei", "versions": [{"status": "affected", "version": "V200R019C00SPC800"}]}], "descriptions": [{"lang": "en", "value": "There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service."}], "problemTypes": [{"descriptions": [{"description": "Improper Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-29T17:57:18", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9207", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CloudEngine 12800", "version": {"version_data": [{"version_value": "V200R019C00SPC800"}]}}, {"product_name": "CloudEngine 5800", "version": {"version_data": [{"version_value": "V200R019C00SPC800"}]}}, {"product_name": "CloudEngine 6800", "version": {"version_data": [{"version_value": "V200R005C20SPC800"}, {"version_value": "V200R019C00SPC800"}]}}, {"product_name": "CloudEngine 7800", "version": {"version_data": [{"version_value": "V200R019C00SPC800"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:19.931Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9207", "datePublished": "2020-12-29T17:57:18", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-08-04T10:19:19.931Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "matchCriteriaId": "BCFEB001-EFF7-47AC-B67E-7B807780F009", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*", "matchCriteriaId": "AAC7C877-066F-4FB8-9AB7-D038CE6E5D8D", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "matchCriteriaId": "BA12B395-7D70-445A-B0FD-47363787D1EE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en algunas versiones del producto Huawei CloudEngine. Un m\u00f3dulo no verifica apropiadamente el archivo de entrada. Unos atacantes pueden explotar esta vulnerabilidad al dise\u00f1ar archivos maliciosos para omitir el mecanismo de verificaci\u00f3n actual. Esto puede comprometer el servicio normal"}], "id": "CVE-2020-9207", "lastModified": "2024-11-21T05:40:10.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-29T18:15:13.337", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}