CVE-2020-9207

Description

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service.

Affected products

• Huawei / CloudEngine 12800V200R019C00SPC800 – V200R019C00SPC800
• Huawei / CloudEngine 5800V200R019C00SPC800 – V200R019C00SPC800
• Huawei / CloudEngine 6800V200R005C20SPC800 – V200R005C20SPC800
• Huawei / CloudEngine 6800V200R019C00SPC800 – V200R019C00SPC800
• Huawei / CloudEngine 7800V200R019C00SPC800 – V200R019C00SPC800

References

• VENDOR_ADVISORYhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en