What is CVE-2020-9209?

CVE-2020-9209 is a privilege escalation vulnerability in the SMC2.0 product.

How does CVE-2020-9209 work?

CVE-2020-9209 allows attackers to exploit a directory traversal vulnerability to craft malicious files and escalate privileges.

Which versions of Huawei SMC2.0 Firmware are affected by CVE-2020-9209?

Huawei SMC2.0 Firmware versions v600r006c00spc700 to v600r019c10 are affected by CVE-2020-9209.

What is the severity of CVE-2020-9209?

The severity of CVE-2020-9209 is medium, with a CVSS score of 6.7.

Is there a fix available for CVE-2020-9209?

Yes, Huawei has released a security advisory with information on mitigations and patches for CVE-2020-9209.

Vulnerability/
CVE-2020-9209

medium

6.7

CWE

862

13/1/2021

4/8/2024

CVE-2020-9209

First published: Wed Jan 13 2021(Updated: )

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Smc2.0 Firmware	=v600r006c00spc700
Huawei Smc2.0 Firmware	=v600r006c00spc800
Huawei Smc2.0 Firmware	=v600r006c10spc500
Huawei Smc2.0 Firmware	=v600r006c10spc600
Huawei Smc2.0 Firmware	=v600r006c10spc601
Huawei Smc2.0 Firmware	=v600r006c10spc602
Huawei Smc2.0 Firmware	=v600r006c10spc700
Huawei Smc2.0 Firmware	=v600r006c10spc800
Huawei Smc2.0 Firmware	=v600r006c10spca00
Huawei Smc2.0 Firmware	=v600r006c10spcb00
Huawei Smc2.0 Firmware	=v600r006c10spcc00
Huawei Smc2.0 Firmware	=v600r006c10spcd00
Huawei Smc2.0 Firmware	=v600r006c10spce00
Huawei Smc2.0 Firmware	=v600r019c00
Huawei Smc2.0 Firmware	=v600r019c10
Huawei SMC2.0

Never miss a vulnerability like this again

Reference Links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en

Frequently Asked Questions

What is CVE-2020-9209?
CVE-2020-9209 is a privilege escalation vulnerability in the SMC2.0 product.
How does CVE-2020-9209 work?
CVE-2020-9209 allows attackers to exploit a directory traversal vulnerability to craft malicious files and escalate privileges.
Which versions of Huawei SMC2.0 Firmware are affected by CVE-2020-9209?
Huawei SMC2.0 Firmware versions v600r006c00spc700 to v600r019c10 are affected by CVE-2020-9209.
What is the severity of CVE-2020-9209?
The severity of CVE-2020-9209 is medium, with a CVSS score of 6.7.
Is there a fix available for CVE-2020-9209?
Yes, Huawei has released a security advisory with information on mitigations and patches for CVE-2020-9209.

collector/nvd-index
agent/severity
agent/references
agent/author
agent/tags
agent/weakness
agent/description
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/huawei
canonical/huawei smc2.0 firmware
version/huawei smc2.0 firmware/v600r006c00spc700
version/huawei smc2.0 firmware/v600r006c00spc800
version/huawei smc2.0 firmware/v600r006c10spc500
version/huawei smc2.0 firmware/v600r006c10spc600
version/huawei smc2.0 firmware/v600r006c10spc601
version/huawei smc2.0 firmware/v600r006c10spc602
version/huawei smc2.0 firmware/v600r006c10spc700
version/huawei smc2.0 firmware/v600r006c10spc800
version/huawei smc2.0 firmware/v600r006c10spca00
version/huawei smc2.0 firmware/v600r006c10spcb00
version/huawei smc2.0 firmware/v600r006c10spcc00
version/huawei smc2.0 firmware/v600r006c10spcd00
version/huawei smc2.0 firmware/v600r006c10spce00
version/huawei smc2.0 firmware/v600r019c00
version/huawei smc2.0 firmware/v600r019c10
canonical/huawei smc2.0