Lucene search

K
cve[email protected]CVE-2020-9223
HistoryDec 29, 2020 - 6:15 p.m.

CVE-2020-9223

2020-12-2918:15:13
web.nvd.nist.gov
19
3
huawei
smartphones
denial of service
vulnerability
improper processing
remote attackers
dos

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module.

Affected configurations

NVD
Node
huaweihonor_20_pro_firmwareRange<10.1.0.230\(c432e9r5p1\)
AND
huaweihonor_20_proMatch-
Node
huaweihonor_20_pro_firmwareRange<10.1.0.231\(c10e3r3p2\)
AND
huaweihonor_20_proMatch-
Node
huaweihonor_20_pro_firmwareRange<10.1.0.231\(c185e3r5p1\)
AND
huaweihonor_20_proMatch-
Node
huaweihonor_20_pro_firmwareRange<10.1.0.231\(c636e3r3p1\)
AND
huaweihonor_20_proMatch-
Node
huaweiprinceton-al10d_firmwareRange<10.1.0.168\(c00e166r4p11\)
AND
huaweiprinceton-al10dMatch-
Node
huaweiyale-l21a_firmwareRange<10.1.0.230\(c432e9r5p1\)
AND
huaweiyale-l21aMatch-
Node
huaweiyale-l21a_firmwareRange<10.1.0.231\(c10e3r3p2\)
AND
huaweiyale-l21aMatch-
Node
huaweiyale-l21a_firmwareRange<10.1.0.231\(c185e2r2p1\)
AND
huaweiyale-l21aMatch-
Node
huaweiyale-l21a_firmwareRange<10.1.0.231\(c636e3r3p1\)
AND
huaweiyale-l21aMatch-
Node
huaweiyale-l61a_firmwareRange<10.1.0.225\(c432e3r1p2\)
AND
huaweiyale-l61aMatch-
Node
huaweiyale-l61a_firmwareRange<10.1.0.226\(c10e3r1p1\)
AND
huaweiyale-l61aMatch-

CNA Affected

[
  {
    "product": "HONOR 20 PRO",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.230(C432E9R5P1)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.231(C10E3R3P2)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.231(C185E3R5P1)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.231(C636E3R3P1)"
      }
    ]
  },
  {
    "product": "Princeton-AL10D",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.168(C00E166R4P11)"
      }
    ]
  },
  {
    "product": "Yale-L21A",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.230(C432E9R5P1)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.231(C10E3R3P2)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.231(C185E2R2P1)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.231(C636E3R3P1)"
      }
    ]
  },
  {
    "product": "Yale-L61A",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.225(C432E3R1P2)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.226(C10E3R1P1)"
      }
    ]
  }
]

Social References

More

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

Related for CVE-2020-9223