CVE-2020-9225

Published: Jun 18, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.

Affected (1)

Products: Huawei: Fusionsphere Openstack

1 product

Fusionsphere Openstack

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Fusionsphere Openstack	Version 6.5.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-01-fusionsphere-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-01-fusionsphere-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.