21 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

27 Dec 2024 — There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

27 Dec 2024 — There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222. • https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-01-fc-en • CWE-269: Improper Privilege Management •

CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0

23 Nov 2021 — There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. Se presenta una vulnerabilidad de inyección de coman... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-cmd-en • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

23 Nov 2021 — There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Se presenta una vulnerabilidad de filtrado de información en FusionCompute versiones 6.5.1, eCNS280_TD V100R005C00 y V100R005C10. Debido al almacenamiento inapropiado de información específica en el archiv... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210818-01-informationleak-en • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

28 Sep 2021 — There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. Se presenta una vulnerabilidad de control de carga de archivos inapropiada en FusionCompute versiones 6.5.0, 6.5.1 y 8.0.0. Debido a una comprobación inapropiada del archivo que se va a subir y a que no se restringe estr... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-upload-en • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

28 Sep 2021 — There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Se presenta una vulnerabilidad de inyección de comandos en el módulo de servicio CMA de FusionCompute versiones 6.3.0, 6.... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-commandinjection-en • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

27 May 2021 — There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. Se presenta una vulnerabilidad de comprobación de entrada insuficiente en FusionCompute versión 8.0.0. Debido a que una comprobación de entrada es insuficiente, un atacante puede explotar esta vulnerabilidad para cargar cualquier archivo en el dispositi... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210506-01-inputvalidate-en • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

01 Dec 2020 — FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. Las versiones 6.3.0, 6.3.1, 6.5.0, 6.5.1 y 8.0.0 de FusionCompute tienen una vulnerabilidad de escalada de privilegios. Debido a una administración de privilegios inapropiada, un atacante con ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-privilege-en • CWE-269: Improper Privilege Management •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

30 Nov 2020 — Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Las versiones 6.5.1 y 8.0.0 de Huawei FusionCompute tienen una vulnerabilidad de inyección de comandos. Un atacante remoto autenticado puede diseñar una petición específica para aprovechar esta vulnerabilidad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

12 Nov 2020 — FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. FusionCompute versiones 8.0.0, presentan una vulnerabilidad de algoritmo de cifrado no seguro. Los atacantes con permisos elevados pueden explotar esta vulnerabilidad para causar un filtrado de información • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201104-01-encryption-en • CWE-326: Inadequate Encryption Strength •