CVE-2020-9115
HIGHHuawei ManageOne 6.5.1.1.B010-6.5.1.1.B050, 8.0.0, 8.0.1 - Authenticated Command Injection via Plugin Component
Title source: llmDescription
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en
Scores
CVSS v3
7.2
EPSS
0.0082
EPSS Percentile
74.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-77
Status
published
Products (4)
huawei/manageone
6.5.0
huawei/manageone
6.5.1.1 b010 (5 CPE variants)
huawei/manageone
8.0.0
huawei/manageone
8.0.1
Published
Dec 01, 2020
Tracked Since
Feb 18, 2026