ID

VAR-202006-1715


CVE

CVE-2020-9074


TITLE

plural Huawei Vulnerability in handling exceptional conditions in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2020-006173

DESCRIPTION

Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. are all smartphones of the Chinese company Huawei. The vulnerability stems from the failure of the phone to properly handle exceptions

Trust: 2.16

sources: NVD: CVE-2020-9074 // JVNDB: JVNDB-2020-006173 // CNVD: CNVD-2020-36724

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-36724

AFFECTED PRODUCTS

vendor:huaweimodel:honor pro <=10.0.0.194scope:eqversion:20

Trust: 1.8

vendor:huaweimodel:honor view <=10.0.0.201scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.194\(c636e3r3p1\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.194\(c00e62r8p12\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.201\(c636e3r4p3\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.194\(c10e3r3p2\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.195\(c00e62r4p11\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.201\(c10e5r4p3\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:10.0.0.186\(c185e2r2p1\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.194\(c432e9r5p1\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.200\(c185e3r3p3\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:10.0.0.194\(c432e9r5p1\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor view 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor pro <=10.0.0.187scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor view <=10.0.0.200scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor view <=10.0.0.195scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor 20s <=10.0.0.186scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor 20s <=10.0.0.194scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-36724 // JVNDB: JVNDB-2020-006173 // NVD: CVE-2020-9074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9074
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006173
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-36724
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-412
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9074
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006173
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-36724
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9074
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006173
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-36724 // JVNDB: JVNDB-2020-006173 // CNNVD: CNNVD-202006-412 // NVD: CVE-2020-9074

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.8

sources: JVNDB: JVNDB-2020-006173 // NVD: CVE-2020-9074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-412

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006173

PATCH

title:huawei-sa-20200603-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200603-01-smartphone-en

Trust: 0.8

title:Patch for Huawei Honor 20 PRO, Honor View 20 and Honor 20 mishandling vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/224813

Trust: 0.6

title:Huawei Honor 20 PRO , Honor View 20 and Honor 20 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120708

Trust: 0.6

sources: CNVD: CNVD-2020-36724 // JVNDB: JVNDB-2020-006173 // CNNVD: CNNVD-202006-412

EXTERNAL IDS

db:NVDid:CVE-2020-9074

Trust: 3.0

db:JVNDBid:JVNDB-2020-006173

Trust: 0.8

db:CNVDid:CNVD-2020-36724

Trust: 0.6

db:CNNVDid:CNNVD-202006-412

Trust: 0.6

sources: CNVD: CNVD-2020-36724 // JVNDB: JVNDB-2020-006173 // CNNVD: CNNVD-202006-412 // NVD: CVE-2020-9074

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200603-01-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9074

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200603-01-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9074

Trust: 0.8

sources: CNVD: CNVD-2020-36724 // JVNDB: JVNDB-2020-006173 // CNNVD: CNNVD-202006-412 // NVD: CVE-2020-9074

SOURCES

db:CNVDid:CNVD-2020-36724
db:JVNDBid:JVNDB-2020-006173
db:CNNVDid:CNNVD-202006-412
db:NVDid:CVE-2020-9074

LAST UPDATE DATE

2024-11-23T22:51:19.821000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-36724date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2020-006173date:2020-07-02T00:00:00
db:CNNVDid:CNNVD-202006-412date:2020-06-11T00:00:00
db:NVDid:CVE-2020-9074date:2024-11-21T05:39:58.737

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-36724date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2020-006173date:2020-07-02T00:00:00
db:CNNVDid:CNNVD-202006-412date:2020-06-03T00:00:00
db:NVDid:CVE-2020-9074date:2020-06-05T15:15:11.033