Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

HWPSIRT-2020-05013:

Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 5.5 (E:F/RL:O/RC:C)

HWPSIRT-2020-05065:

Base Score: 4.1 (AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 3.8 (E:F/RL:O/RC:C)

HWPSIRT-2020-05013:

This vulnerability can be exploited only when the following conditions are present:

The attacker may gain access the affected network.

Vulnerability details:

Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.

HWPSIRT-2020-05065:

This vulnerability can be exploited only when the following conditions are present:

Attackers may log in to the affected device using a high-privilege account.

Vulnerability details:

Due to the properly protection of certain information, local attackers may exploit this vulnerability to obtain certain information.

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities/index.htm

These vulnerabilities were discovered by Huawei internal tester.

None

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.