Details of VAR-202012-1395

ID

VAR-202012-1395

CVE

CVE-2020-9208

TITLE

iManager NetEco 6000 Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014832

DESCRIPTION

There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. Huawei Imanager Neteco 6000 is a platform provided by China's Huawei (Huawei) to provide management methods for data center infrastructure. The platform can implement unified management for medium and large data centers and multi-data centers. Through U-level fine-grained management of assets in the data center, dynamic balance and optimization of power, cooling, space, network ports and other means can improve the resources in the data center. utilization rate

Trust: 1.71

sources: NVD: CVE-2020-9208 // JVNDB: JVNDB-2020-014832 // VULHUB: VHN-187333

AFFECTED PRODUCTS

vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	v600r021c00	Trust: 1.8
vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014832 // NVD: CVE-2020-9208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9208
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9208
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-1230
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-187333
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9208
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187333
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9208
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9208
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187333 // JVNDB: JVNDB-2020-014832 // CNNVD: CNNVD-202012-1230 // NVD: CVE-2020-9208

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	Lack of authentication for important features (CWE-306) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-200	Trust: 0.1

sources: VULHUB: VHN-187333 // JVNDB: JVNDB-2020-014832 // NVD: CVE-2020-9208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1230

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1230

PATCH

title:	huawei-sa-20201216-01-neteco	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-neteco-en	Trust: 0.8
title:	Huawei Imanager Neteco 6000 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137382	Trust: 0.6

sources: JVNDB: JVNDB-2020-014832 // CNNVD: CNNVD-202012-1230

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9208	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-014832	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1230	Trust: 0.7
db:	CNVD	id:	CNVD-2022-47666	Trust: 0.1
db:	VULHUB	id:	VHN-187333	Trust: 0.1

sources: VULHUB: VHN-187333 // JVNDB: JVNDB-2020-014832 // CNNVD: CNNVD-202012-1230 // NVD: CVE-2020-9208

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-neteco-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9208	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201216-01-neteco-cn	Trust: 0.6

sources: VULHUB: VHN-187333 // JVNDB: JVNDB-2020-014832 // CNNVD: CNNVD-202012-1230 // NVD: CVE-2020-9208

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202012-1230

SOURCES

db:	VULHUB	id:	VHN-187333
db:	JVNDB	id:	JVNDB-2020-014832
db:	CNNVD	id:	CNNVD-202012-1230
db:	NVD	id:	CVE-2020-9208

LAST UPDATE DATE

2024-11-23T23:04:07.996000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187333	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-014832	date:	2021-09-01T05:40:00
db:	CNNVD	id:	CNNVD-202012-1230	date:	2021-06-11T00:00:00
db:	NVD	id:	CVE-2020-9208	date:	2024-11-21T05:40:10.257

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187333	date:	2020-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-014832	date:	2021-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202012-1230	date:	2020-12-16T00:00:00
db:	NVD	id:	CVE-2020-9208	date:	2020-12-29T18:15:13.400