A vulnerability, which was classified as critical, was found in Huawei FusionComput 8.0.0. Affected is an unknown code of the component Authorization. The manipulation with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-863. The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.

The weakness was published 07/31/2020 (Website). The advisory is shared for download at huawei.com. This vulnerability is traded as CVE-2020-9248 since 02/18/2020. The exploitability is told to be easy. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/31/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• Huawei

Name

• FusionComput

Version

• 8.0.0

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion