What is CVE-2020-9115?

CVE-2020-9115 is a command injection vulnerability in Huawei ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0, and 8.0.1.

How severe is CVE-2020-9115?

CVE-2020-9115 has a severity value of 7.2, which is considered critical.

What is the affected software?

The affected software is Huawei ManageOne versions 6.5.0, 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0, and 8.0.1.

How can an attacker exploit CVE-2020-9115?

An attacker with high privileges can exploit CVE-2020-9115 through some operations on the plug-in component.

Is there a fix available for CVE-2020-9115?

To fix CVE-2020-9115, it is recommended to apply the patches provided by Huawei.

Vulnerability/
CVE-2020-9115

critical

CWE

20 77

30/11/2020

4/8/2024

CVE-2020-9115: Input Validation

First published: Mon Nov 30 2020(Updated: )

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei ManageOne	=6.5.0
Huawei ManageOne	=6.5.1.1-b010
Huawei ManageOne	=6.5.1.1-b020
Huawei ManageOne	=6.5.1.1-b030
Huawei ManageOne	=6.5.1.1-b040
Huawei ManageOne	=6.5.1.1-b050
Huawei ManageOne	=8.0.0
Huawei ManageOne	=8.0.1

Never miss a vulnerability like this again

Reference Links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en

Frequently Asked Questions

What is CVE-2020-9115?
CVE-2020-9115 is a command injection vulnerability in Huawei ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0, and 8.0.1.
How severe is CVE-2020-9115?
CVE-2020-9115 has a severity value of 7.2, which is considered critical.
What is the affected software?
The affected software is Huawei ManageOne versions 6.5.0, 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0, and 8.0.1.
How can an attacker exploit CVE-2020-9115?
An attacker with high privileges can exploit CVE-2020-9115 through some operations on the plug-in component.
Is there a fix available for CVE-2020-9115?
To fix CVE-2020-9115, it is recommended to apply the patches provided by Huawei.

collector/nvd-index
agent/weakness
agent/severity
agent/author
agent/type
agent/tags
agent/event
agent/references
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/huawei
canonical/huawei manageone
version/huawei manageone/6.5.0
version/huawei manageone/6.5.1.1-b010
version/huawei manageone/6.5.1.1-b020
version/huawei manageone/6.5.1.1-b030
version/huawei manageone/6.5.1.1-b040
version/huawei manageone/6.5.1.1-b050
version/huawei manageone/8.0.0
version/huawei manageone/8.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.