CVE-2020-9137

moderate-risk
Published 2020-12-24

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Cloudengine 5800 Firmware
Cloudengine 5800 Firmware
Cloudengine 5800 Firmware
Cloudengine 5800 Firmware
Cloudengine 5800 Firmware
Cloudengine 5800 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privil...
Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privil...
42
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 21/34 · High