CVE-2020-9137

MEDIUM WAF: Medium
CVSS 6.7 Published: 2020-12-24
CWE-20

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.

WAF Coverage Analysis

Improper Input Validation Medium WAF Coverage

OWASP: A03:2021 Injection

920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection

Affected Software

VendorProductVersion
huaweicloudengine_12800_firmwarev200r002c50spc800
huaweicloudengine_12800_firmwarev200r003c00spc810
huaweicloudengine_12800_firmwarev200r005c00spc800
huaweicloudengine_12800_firmwarev200r005c10spc800
huaweicloudengine_12800_firmwarev200r019c00spc800
huaweicloudengine_12800_firmwarev200r019c10spc800
huaweicloudengine_5800_firmwarev200r002c50spc800
huaweicloudengine_5800_firmwarev200r003c00spc810
huaweicloudengine_5800_firmwarev200r005c00spc800
huaweicloudengine_5800_firmwarev200r005c10spc800

References

Back to CVE Database