CVE-2020-9209
MEDIUMHuawei SMC2.0 Firmware - Privilege Escalation via Improper Directory Permissions
Title source: llmDescription
There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en
Scores
CVSS v3
6.7
EPSS
0.0002
EPSS Percentile
6.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (15)
huawei/smc2.0_firmware
v600r006c00spc700
huawei/smc2.0_firmware
v600r006c00spc800
huawei/smc2.0_firmware
v600r006c10spc500
huawei/smc2.0_firmware
v600r006c10spc600
huawei/smc2.0_firmware
v600r006c10spc601
huawei/smc2.0_firmware
v600r006c10spc602
huawei/smc2.0_firmware
v600r006c10spc700
huawei/smc2.0_firmware
v600r006c10spc800
huawei/smc2.0_firmware
v600r006c10spca00
huawei/smc2.0_firmware
v600r006c10spcb00
... and 5 more
Published
Jan 13, 2021
Tracked Since
Feb 18, 2026