Lucene search

[email protected]CVE-2020-9252

HistoryJul 17, 2020 - 11:15 p.m.

CVE-2020-9252

2020-07-1723:15:11

CWE-22

[email protected]

web.nvd.nist.gov

cve-2020-9252

huawei

mate 20

mate 20 x

mate 20 rs

honor magic2

path traversal

vulnerability

nvd

exploit

security

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

2.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.

Affected configurations

NVD

Node

huaweimate_20Match-

AND

huaweimate_20_firmwareRange<10.1.0.160\(c00e160r3p8\)

Node

huaweimate_20_xMatch-

AND

huaweimate_20_x_firmwareRange<10.1.0.135\(c00e135r2p8\)

Node

huaweimate_20_rsMatch-

AND

huaweimate_20_rs_firmwareRange<10.1.0.160\(c786e160r3p8\)

Node

huaweimagic2_firmwareRange<10.1.0.160\(c00e160r2p11\)

AND

huaweimagic2Match-

CPENameOperatorVersion
huawei:mate_20_firmwarehuawei mate 20 firmwarelt10.1.0.160\(c00e160r3p8\)

CPE	Name	Operator	Version
huawei:mate_20_firmware	huawei mate 20 firmware	lt	10.1.0.160\(c00e160r3p8\)

CNA Affected

[
  {
    "product": "HUAWEI Mate 20",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.160(C00E160R3P8)"
      }
    ]
  },
  {
    "product": "HUAWEI Mate 20 X",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.135(C00E135R2P8)"
      }
    ]
  },
  {
    "product": "HUAWEI Mate 20 RS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.160(C786E160R3P8)"
      }
    ]
  },
  {
    "product": "Honor Magic2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

2.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

Related for CVE-2020-9252

nvd1 huawei1 prion1 cvelist1