CVE-2020-9137
Description
There is a privilege escalation vulnerability in some versions of CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local attacker with high privileges can execute crafted scripts on Huawei CloudEngine switches due to insufficient input validation, leading to privilege escalation.
Vulnerability
A privilege escalation vulnerability exists in Huawei CloudEngine 12800, 5800, 6800, and 7800 series switches. Due to insufficient input validation, a local attacker with high privileges (e.g., administrative access) can execute specially crafted scripts on the affected devices. Affected versions include CloudEngine 12800 V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800, and others, as listed in the advisory [1]. Resolved versions are V200R005C10SPC800+V200R005SPH026 for some versions and V200R019C10SPC800+V200R019SPH006 for others [1].
Exploitation
The attacker must have local access to the device and already possess high privileges (e.g., root or administrator). The exploitation requires the attacker to execute a crafted script that takes advantage of the insufficient input validation. No user interaction is needed beyond the attacker's own actions, and no network-based exploitation is possible since it is a local attack [1].
Impact
Successful exploitation allows the attacker to escalate their privileges further within the affected device. The exact privilege gain is not specified in the advisory, but it implies the attacker could achieve the highest level of control, potentially allowing full compromise of the switch's configuration and operations [1].
Mitigation
Huawei has released software updates to fix this vulnerability. For CloudEngine 12800 V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, and V200R005C10SPC800, the fix is included in version V200R005C10SPC800+V200R005SPH026. For V200R019C00SPC800, the fix is in V200R019C10SPC800+V200R019SPH006 [1]. Administrators should upgrade to the respective resolved versions. No workarounds are mentioned in the advisory.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Huawei/CloudEngine
References
[1] www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en (mitre, x_refsource_MISC)