Details of VAR-202012-1398

ID

VAR-202012-1398

CVE

CVE-2020-9115

TITLE

ManageOne Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013934

DESCRIPTION

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. ManageOne Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei ManageOne is a set of cloud data center management solutions developed by China's Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance

Trust: 1.71

sources: NVD: CVE-2020-9115 // JVNDB: JVNDB-2020-013934 // VULHUB: VHN-187240

AFFECTED PRODUCTS

vendor:	huawei	model:	manageone	scope:	eq	version:	8.0.1	Trust: 1.8
vendor:	huawei	model:	manageone	scope:	eq	version:	8.0.0	Trust: 1.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b010	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b040	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b030	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b050	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b020	Trust: 0.8

sources: JVNDB: JVNDB-2020-013934 // NVD: CVE-2020-9115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9115
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9115
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-1894
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187240
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9115
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187240
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9115
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9115
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187240 // JVNDB: JVNDB-2020-013934 // CNNVD: CNNVD-202011-1894 // NVD: CVE-2020-9115

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-77	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-187240 // JVNDB: JVNDB-2020-013934 // NVD: CVE-2020-9115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1894

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1894

PATCH

title:	huawei-sa-20201125-01-commandinjection	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en	Trust: 0.8
title:	Huawei ManageOne Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135840	Trust: 0.6

sources: JVNDB: JVNDB-2020-013934 // CNNVD: CNNVD-202011-1894

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9115	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013934	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-1894	Trust: 0.7
db:	CNVD	id:	CNVD-2020-67086	Trust: 0.1
db:	VULHUB	id:	VHN-187240	Trust: 0.1

sources: VULHUB: VHN-187240 // JVNDB: JVNDB-2020-013934 // CNNVD: CNNVD-202011-1894 // NVD: CVE-2020-9115

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9115	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-cn	Trust: 0.6

sources: VULHUB: VHN-187240 // JVNDB: JVNDB-2020-013934 // CNNVD: CNNVD-202011-1894 // NVD: CVE-2020-9115

SOURCES

db:	VULHUB	id:	VHN-187240
db:	JVNDB	id:	JVNDB-2020-013934
db:	CNNVD	id:	CNNVD-202011-1894
db:	NVD	id:	CVE-2020-9115

LAST UPDATE DATE

2024-11-23T22:40:49.365000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187240	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-013934	date:	2021-07-16T01:54:00
db:	CNNVD	id:	CNNVD-202011-1894	date:	2020-12-07T00:00:00
db:	NVD	id:	CVE-2020-9115	date:	2024-11-21T05:40:04.293

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187240	date:	2020-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-013934	date:	2021-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202011-1894	date:	2020-11-25T00:00:00
db:	NVD	id:	CVE-2020-9115	date:	2020-12-01T00:15:11.320