Command Injection Vulnerability in FusionCompute (CVE-2020-9242)
by CIRT Team
Description
FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.
Impact
Successful exploit could allow an authenticated attacker to launch a command injection attack.
Mitigation
Huawei has released software updates to fix this vulnerability.
| Product Name | Affected Version | Resolved Product and Version |
| FusionCompute | 8.0.0 | 8.0.0.SPC1 |
Reference:
- MISC:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-compute-en
- URL:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-compute-en
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9242
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
