Information Leak Vulnerability in Huawei CloudEngine Products
CVE-2020-9102

3.3LOW

Key Information:

Vendor: Huawei
Status: Cloudengine 12800; Cloudengine 5800; Cloudengine 6800; Cloudengine 7800
Vendor: CVE Published:; 17 July 2020

Summary

An information leak vulnerability exists in certain Huawei CloudEngine products that may allow local attackers to access sensitive information. This vulnerability arises from inadequate handling of username data, which could potentially expose device information to unauthorized users. Affected versions span several models within the CloudEngine series, highlighting the need for users to apply available patches or mitigations to safeguard their systems.

Affected Version(s)

CloudEngine 12800 V200R002C50SPC800

CloudEngine 12800 V200R003C00SPC810

CloudEngine 12800 V200R005C00SPC800

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2020
Vulnerability Reserved
Feb 18, 2020