PT-2020-5962 · Huawei · Fusionsphere Openstack

Published: 2020-06-17 · Updated: 2020-06-22 · CVE-2020-9225

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FusionSphere OpenStack version 6.5.1

Description: The issue is related to improper permissions management. The software fails to correctly assign privileges when an actor attempts to perform an action, which could allow a user to perform operations beyond their assigned privilege. Successful exploitation may enable an attacker to elevate their privileges.

Recommendations: For FusionSphere OpenStack version 6.5.1, consider restricting access to sensitive operations until a proper fix is applied to ensure correct privilege assignment. As a temporary workaround, review and manually adjust user privileges to prevent unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2021-02138
CVE-2020-9225

Affected Products

Fusionsphere Openstack