CVE-2020-9116: Command Injection
First published: Tue Dec 01 2020(Updated: )
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei FusionCompute | =6.5.1 | |
| Huawei FusionCompute | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability in Huawei FusionCompute?
The vulnerability ID is CVE-2020-9116.
What versions of Huawei FusionCompute are affected by this command injection vulnerability?
Versions 6.5.1 and 8.0.0 of Huawei FusionCompute are affected by this vulnerability.
How can an attacker exploit this vulnerability?
An authenticated, remote attacker can craft specific requests to exploit this vulnerability.
What is the severity of CVE-2020-9116?
The severity of CVE-2020-9116 is high with a CVSS score of 7.2.
How can I fix this command injection vulnerability in Huawei FusionCompute?
To fix this vulnerability, it is recommended to apply the security patch provided by Huawei. Please refer to the official security advisory for more details.
- collector/nvd-index
- vendor/huawei
- canonical/huawei fusioncompute
- version/huawei fusioncompute/6.5.1
- version/huawei fusioncompute/8.0.0