Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-9102

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800

Published

2020-07-17T23:15:11.397

Last Modified

2024-11-21T05:40:02.287

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	cloudengine_12800_firmware	v200r002c50spc800	Yes
Operating System	huawei	cloudengine_12800_firmware	v200r003c00spc810	Yes
Operating System	huawei	cloudengine_12800_firmware	v200r005c00spc800	Yes
Operating System	huawei	cloudengine_12800_firmware	v200r005c10spc800	Yes
Operating System	huawei	cloudengine_12800_firmware	v200r019c00spc800	Yes
Hardware	huawei	cloudengine_12800	-	No
Operating System	huawei	cloudengine_5800_firmware	v200r002c50spc800	Yes
Operating System	huawei	cloudengine_5800_firmware	v200r003c00spc810	Yes
Operating System	huawei	cloudengine_5800_firmware	v200r005c00spc800	Yes
Operating System	huawei	cloudengine_5800_firmware	v200r005c10spc800	Yes
Operating System	huawei	cloudengine_5800_firmware	v200r019c00spc800	Yes
Hardware	huawei	cloudengine_5800	-	No
Operating System	huawei	cloudengine_6800_firmware	v200r002c50spc800	Yes
Operating System	huawei	cloudengine_6800_firmware	v200r003c00spc810	Yes
Operating System	huawei	cloudengine_6800_firmware	v200r005c00spc800	Yes
Operating System	huawei	cloudengine_6800_firmware	v200r005c10spc800	Yes
Operating System	huawei	cloudengine_6800_firmware	v200r005c20spc800	Yes
Operating System	huawei	cloudengine_6800_firmware	v200r019c00spc800	Yes
Hardware	huawei	cloudengine_6800	-	No
Operating System	huawei	cloudengine_7800_firmware	v200r002c50spc800	Yes
Operating System	huawei	cloudengine_7800_firmware	v200r003c00spc810	Yes
Operating System	huawei	cloudengine_7800_firmware	v200r005c00spc800	Yes
Operating System	huawei	cloudengine_7800_firmware	v200r005c10spc800	Yes
Operating System	huawei	cloudengine_7800_firmware	v200r019c00spc800	Yes
Hardware	huawei	cloudengine_7800	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)