Details of VAR-202011-1301

ID

VAR-202011-1301

CVE

CVE-2020-9127

TITLE

plural Huawei Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-013581

DESCRIPTION

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. plural Huawei The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-9127 // JVNDB: JVNDB-2020-013581

AFFECTED PRODUCTS

vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013581 // NVD: CVE-2020-9127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9127
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9127
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-937
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9127
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-9127
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9127
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-013581 // CNNVD: CNNVD-202011-937 // NVD: CVE-2020-9127

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013581 // NVD: CVE-2020-9127

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-937

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202011-937

PATCH

title:	huawei-sa-20201111-02-injection	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en	Trust: 0.8
title:	Repair measures for command injection vulnerabilities in some Huawei products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135451	Trust: 0.6

sources: JVNDB: JVNDB-2020-013581 // CNNVD: CNNVD-202011-937

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9127	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-013581	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-937	Trust: 0.6

sources: JVNDB: JVNDB-2020-013581 // CNNVD: CNNVD-202011-937 // NVD: CVE-2020-9127

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9127	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201111-02-injection-cn	Trust: 0.6

sources: JVNDB: JVNDB-2020-013581 // CNNVD: CNNVD-202011-937 // NVD: CVE-2020-9127

CREDITS

huawei-sa-20201111-02-injection

Trust: 0.6

sources: CNNVD: CNNVD-202011-937

SOURCES

db:	JVNDB	id:	JVNDB-2020-013581
db:	CNNVD	id:	CNNVD-202011-937
db:	NVD	id:	CVE-2020-9127

LAST UPDATE DATE

2024-11-23T22:05:19.394000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-013581	date:	2021-07-08T07:56:00
db:	CNNVD	id:	CNNVD-202011-937	date:	2021-07-12T00:00:00
db:	NVD	id:	CVE-2020-9127	date:	2024-11-21T05:40:06.217

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-013581	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202011-937	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-9127	date:	2020-11-13T15:15:13.220