Lucene search

[email protected]CVE-2020-9247

HistoryDec 07, 2020 - 1:15 p.m.

CVE-2020-9247

2020-12-0713:15:00

CWE-120

[email protected]

web.nvd.nist.gov

huawei

buffer overflow

vulnerability

code execution

cve-2020-9247

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.9%

JSON

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

CPENameOperatorVersion
huawei:honor_20_pro_firmwarehuawei honor 20 pro firmwarelt10.1.0.230\(c432e9r5p1\)
huawei:mate_20_firmwarehuawei mate 20 firmwarelt10.1.0.160\(c00e160r3p8\)
huawei:mate_20_pro_firmwarehuawei mate 20 pro firmwarelt10.1.0.270\(c432e7r1p5\)
huawei:mate_20_x_firmwarehuawei mate 20 x firmwarelt10.1.0.160\(c00e160r2p8\)
huawei:p30_firmwarehuawei p30 firmwareeq9.1.0.272\(c635e4r2p2\)
huawei:p30_pro_firmwarehuawei p30 pro firmwarelt10.1.0.160\(c00e160r2p8\)
huawei:hima-l29c_firmwarehuawei hima-l29c firmwarelt10.1.0.273\(c185e5r2p4\)
huawei:laya-al00ep_firmwarehuawei laya-al00ep firmwarelt10.1.0.160\(c786e160r3p8\)
huawei:princeton-al10b_firmwarehuawei princeton-al10b firmwarelt10.1.0.160\(c00e160r2p11\)
huawei:tony-al00b_firmwarehuawei tony-al00b firmwarelt10.1.0.160\(c00e160r2p11\)

CPE	Name	Operator	Version
huawei:honor_20_pro_firmware	huawei honor 20 pro firmware	lt	10.1.0.230\(c432e9r5p1\)
huawei:mate_20_firmware	huawei mate 20 firmware	lt	10.1.0.160\(c00e160r3p8\)
huawei:mate_20_pro_firmware	huawei mate 20 pro firmware	lt	10.1.0.270\(c432e7r1p5\)
huawei:mate_20_x_firmware	huawei mate 20 x firmware	lt	10.1.0.160\(c00e160r2p8\)
huawei:p30_firmware	huawei p30 firmware	eq	9.1.0.272\(c635e4r2p2\)
huawei:p30_pro_firmware	huawei p30 pro firmware	lt	10.1.0.160\(c00e160r2p8\)
huawei:hima-l29c_firmware	huawei hima-l29c firmware	lt	10.1.0.273\(c185e5r2p4\)
huawei:laya-al00ep_firmware	huawei laya-al00ep firmware	lt	10.1.0.160\(c786e160r3p8\)
huawei:princeton-al10b_firmware	huawei princeton-al10b firmware	lt	10.1.0.160\(c00e160r2p11\)
huawei:tony-al00b_firmware	huawei tony-al00b firmware	lt	10.1.0.160\(c00e160r2p11\)

Rows per page:

1-10 of 281

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.9%

JSON

Related for CVE-2020-9247

cvelist1 huawei1 prion1