Lucene search

Huawei TechnologiesHUAWEI-SA-20200729-03-SMARTPHONE

HistoryJul 29, 2020 - 12:00 a.m.

Security Advisory - Buffer Overflow Vulnerability in Several Smartphones

2020-07-2900:00:00

Huawei Technologies

www.huawei.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.3%

JSON

There is a buffer overflow vulnerability in several products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. (Vulnerability ID: HWPSIRT-2020-03113)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9247.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en

Affected configurations

Vulners

Node

huaweihonor_20Range<10.1.0.230

huaweihonor_20Range<10.1.0.231

huaweimate_s_firmwareRange<10.1.0.160

huaweimate_9_proRange<10.1.0.270

huaweimate_9_proRange<10.1.0.273

huaweimate_9_proRange<10.1.0.277

huaweimate_s_firmwareRange<10.1.0.160

huaweihuawei_p30Match9.1.0.272

huaweihuawei_p30Range<10.1.0.123

huaweihuawei_p30Range<10.1.0.126

huaweihuawei_p30Range<10.1.0.160

huaweihima-l29cRange<10.1.0.273

huaweihima-l29cRange<10.1.0.275

huaweilaya-al00epRange<10.1.0.160

huaweiprinceton-al10bRange<10.1.0.160

huaweitony-al00bRange<10.1.0.160

huaweiyale-l61aRange<10.1.0.225

huaweiyale-l61aRange<10.1.0.226

huaweiyale-tl00bRange<10.1.0.160

huaweiyalep-al10bRange<10.1.0.160

CPENameOperatorVersion
honor 20 prolt10.1.0.230
honor 20 prolt10.1.0.231
huawei mate 20lt10.1.0.160
huawei mate 20 prolt10.1.0.270
huawei mate 20 prolt10.1.0.270
huawei mate 20 prolt10.1.0.273
huawei mate 20 prolt10.1.0.273
huawei mate 20 prolt10.1.0.277
huawei mate 20 prolt10.1.0.277
huawei mate 20 xlt10.1.0.160

Name	Operator	Version
honor 20 pro	lt	10.1.0.230
honor 20 pro	lt	10.1.0.231
huawei mate 20	lt	10.1.0.160
huawei mate 20 pro	lt	10.1.0.270
huawei mate 20 pro	lt	10.1.0.270
huawei mate 20 pro	lt	10.1.0.273
huawei mate 20 pro	lt	10.1.0.273
huawei mate 20 pro	lt	10.1.0.277
huawei mate 20 pro	lt	10.1.0.277
huawei mate 20 x	lt	10.1.0.160

Rows per page:

1-10 of 281

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for HUAWEI-SA-20200729-03-SMARTPHONE