Vulnerability Details CVE-2020-9115
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2020-9115
-
cpe:2.3:a:huawei:manageone:6.5.0
-
cpe:2.3:a:huawei:manageone:6.5.1.1
-
cpe:2.3:a:huawei:manageone:8.0.0
-
cpe:2.3:a:huawei:manageone:8.0.1