CVE-2020-9200

EPSS 0.06%
Veröffentlicht 24.12.2020 16:15:16
Zuletzt bearbeitet 21.11.2024 05:40:08
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Imanager Neteco 6000 Versionv600r021c00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.164

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-9200

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9200

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9200

EUVD