Lucene search

Huawei TechnologiesHUAWEI-SA-20200909-04-SMARTPHONE

HistorySep 09, 2020 - 12:00 a.m.

Security Advisory - Information Leak Vulnerability in Huawei Smartphone

2020-09-0900:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

JSON

There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2018-03100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9239.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200909-04-smartphone-en

Affected configurations

Vulners

Node

huaweibla-a09Match8.0.0.123

huaweibla-a09Range<8.0.0.123

huaweibla-tl00bRange<8.1.0.326

huaweiberkeley-l09Range<8.0.0.163

huaweiberkeley-l09Range<8.0.0.172

huaweiduke-l09Matchduke-l09c10b187

huaweiduke-l09Matchduke-l09c432b189

huaweiduke-l09Matchduke-l09c636b189

huaweihuawei_p20Range<8.0.1.16

huaweihuawei_p20Range<8.1.0.152

huaweijimmy-tl00aRange<Jimmy-AL00AC00B172

huaweilon-l29dMatchlon-l29dc721b192

huaweineo-al00dRange<8.1.0.172

huaweistanford-l09Matchstanford-al00c00b123

huaweitorontoRange<Toronto-AL00AC00B225

huaweitoronto-tl10Range<Toronto-TL10C01B225

CPENameOperatorVersion
bla-a09eq8.0.0.123
bla-a09lt8.0.0.123
bla-a09lt8.0.0.123
bla-tl00blt8.1.0.326
berkeley-l09lt8.0.0.163
berkeley-l09lt8.0.0.163
berkeley-l09lt8.0.0.163
berkeley-l09lt8.0.0.172
duke-l09eqDuke-L09C10B187
duke-l09eqDuke-L09C432B189

Name	Operator	Version
bla-a09	eq	8.0.0.123
bla-a09	lt	8.0.0.123
bla-a09	lt	8.0.0.123
bla-tl00b	lt	8.1.0.326
berkeley-l09	lt	8.0.0.163
berkeley-l09	lt	8.0.0.163
berkeley-l09	lt	8.0.0.163
berkeley-l09	lt	8.0.0.172
duke-l09	eq	Duke-L09C10B187
duke-l09	eq	Duke-L09C432B189

Rows per page:

1-10 of 201

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for HUAWEI-SA-20200909-04-SMARTPHONE