Fusioncompute Huawei Fusioncompute

Do you want an email whenever new security vulnerabilities are reported in Huawei Fusioncompute?

By the Year

In 2021 there have been 5 vulnerabilities in Huawei Fusioncompute with an average score of 6.7 out of ten. Last year Fusioncompute had 3 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.19.

Year Vulnerabilities Average Score
2021 5 6.66
2020 3 6.47
2019 0 0.00
2018 0 0.00

It may take a day or so for new Fusioncompute vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Fusioncompute Security Vulnerabilities

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file

CVE-2021-37102 8.8 - High - November 23, 2021

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.

Command Injection

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10

CVE-2021-37036 5.5 - Medium - November 23, 2021

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak.

Information Disclosure

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0

CVE-2021-37106 7.2 - High - September 28, 2021

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.

Shell injection

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0

CVE-2021-37105 7.5 - High - September 28, 2021

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.

Unrestricted File Upload

There is an insufficient input validation vulnerability in FusionCompute 8.0.0

CVE-2021-22358 4.3 - Medium - May 27, 2021

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal.

Improper Input Validation

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability

CVE-2020-9114 7.8 - High - December 01, 2020

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.

Improper Privilege Management

Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability

CVE-2020-9116 7.2 - High - December 01, 2020

Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.

Command Injection

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability

CVE-2020-9128 4.4 - Medium - November 12, 2020

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.

Inadequate Encryption Strength

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Huawei Fusioncompute or by Huawei? Click the Watch button to subscribe.

Huawei
Vendor

subscribe