CVE-2020-9242: Command Injection
First published: Mon Aug 17 2020(Updated: )
FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei FusionCompute | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-9242?
CVE-2020-9242 is a command injection vulnerability in Huawei FusionCompute 8.0.0.
How does the vulnerability in FusionCompute 8.0.0 occur?
The vulnerability occurs due to insufficient validation of certain parameters post from the user.
What is the severity of CVE-2020-9242?
The severity of CVE-2020-9242 is high with a CVSS score of 8.8.
How can an attacker exploit CVE-2020-9242?
An authenticated attacker can launch a command injection attack by exploiting CVE-2020-9242.
Is there a fix available for CVE-2020-9242?
It is recommended to update to a patched version of Huawei FusionCompute to fix the CVE-2020-9242 vulnerability.
- collector/nvd-index
- vendor/huawei
- canonical/huawei fusioncompute
- version/huawei fusioncompute/8.0.0