CVE-2020-9209

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Published: Jan 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-9209
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
huawei / smc2.0_firmware	600r006c00spc700	600r006c00spc700.x
huawei / smc2.0_firmware	600r006c00spc800	600r006c00spc800.x
huawei / smc2.0_firmware	600r006c10spc500	600r006c10spc500.x
huawei / smc2.0_firmware	600r006c10spc600	600r006c10spc600.x
huawei / smc2.0_firmware	600r006c10spc601	600r006c10spc601.x
huawei / smc2.0_firmware	600r006c10spc602	600r006c10spc602.x
huawei / smc2.0_firmware	600r006c10spc700	600r006c10spc700.x
huawei / smc2.0_firmware	600r006c10spc800	600r006c10spc800.x
huawei / smc2.0_firmware	600r006c10spca00	600r006c10spca00.x
huawei / smc2.0_firmware	600r006c10spcb00	600r006c10spcb00.x
huawei / smc2.0_firmware	600r006c10spcc00	600r006c10spcc00.x
huawei / smc2.0_firmware	600r006c10spcd00	600r006c10spcd00.x
huawei / smc2.0_firmware	600r006c10spce00	600r006c10spce00.x
huawei / smc2.0_firmware	600r019c00	600r019c00.x
huawei / smc2.0_firmware	600r019c10	600r019c10.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en

Vulnerability Database

289,599

CVE-2020-9209