Command Injection Vulnerability in FusionCompute (CVE-2020-9242)

Description

FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.

Impact

Successful exploit could allow an authenticated attacker to launch a command injection attack.

Mitigation

Huawei has released software updates to fix this vulnerability.

Product NameAffected VersionResolved Product and Version
FusionCompute8.0.08.0.0.SPC1

Reference:

Share