6.7

CVE-2020-9209

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Data is provided by the National Vulnerability Database (NVD)
HuaweiSmc2.0 Firmware Versionv600r006c00spc700
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c00spc800
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spc500
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spc600
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spc601
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spc602
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spc700
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spc800
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spca00
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spcb00
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spcc00
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spcd00
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r006c10spce00
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r019c00
   HuaweiSmc2.0 Version-
HuaweiSmc2.0 Firmware Versionv600r019c10
   HuaweiSmc2.0 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.033
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.