Sign-up

ID

VAR-202007-1264


CVE

CVE-2020-9252


TITLE

plural Huawei Path traversal vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-008289

DESCRIPTION

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path. plural Huawei A past traversal vulnerability exists in smartphones.Information may be tampered with. Huawei Mate 20 and others are all smart phones of China's Huawei (Huawei) company. There are security vulnerabilities in many Huawei products. The vulnerability is caused by the program's failure to correctly verify the path name of the process

Trust: 2.16

sources: NVD: CVE-2020-9252 // JVNDB: JVNDB-2020-008289 // CNVD: CNVD-2020-52401

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52401

AFFECTED PRODUCTS

vendor:huaweimodel:magic2scope:ltversion:10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor:huaweimodel:mate 20 xscope:ltversion:10.1.0.135\(c00e135r2p8\)

Trust: 1.0

vendor:huaweimodel:mate 20 rsscope:ltversion:10.1.0.160\(c786e160r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:10.1.0.160\(c00e160r3p8\)

Trust: 1.0

vendor:huaweimodel:magic 2scope:eqversion:10.1.0.160(c00e160r2p11)

Trust: 0.8

vendor:huaweimodel:mate 20 rsscope:eqversion:10.1.0.160(c786e160r3p8)

Trust: 0.8

vendor:huaweimodel:mate 20 xscope:eqversion:10.1.0.135(c00e135r2p8)

Trust: 0.8

vendor:huaweimodel:mate 20scope:eqversion:10.1.0.160(c00e160r3p8)

Trust: 0.8

vendor:huaweimodel:mate <10.1.0.160scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:mate pro <10.1.0.277scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:mate <10.1.0.135scope:eqversion:20x

Trust: 0.6

vendor:huaweimodel:mate rs porsche designscope:eqversion:20<10.1.0.160

Trust: 0.6

vendor:huaweimodel:honor magic2 <10.1.0.160scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-52401 // JVNDB: JVNDB-2020-008289 // NVD: CVE-2020-9252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9252
value: LOW

Trust: 1.0

NVD: JVNDB-2020-008289
value: LOW

Trust: 0.8

CNVD: CNVD-2020-52401
value: LOW

Trust: 0.6

CNNVD: CNNVD-202007-1112
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-9252
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008289
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52401
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9252
baseSeverity: LOW
baseScore: 2.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008289
baseSeverity: LOW
baseScore: 2.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52401 // JVNDB: JVNDB-2020-008289 // CNNVD: CNNVD-202007-1112 // NVD: CVE-2020-9252

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-008289 // NVD: CVE-2020-9252

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1112

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202007-1112

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008289

PATCH
title:huawei-sa-20200715-07-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en
Trust: 0.8
title:Patch for Path traversal vulnerabilities in multiple Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/234337
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52401 // 
            
            
            
            JVNDB: JVNDB-2020-008289

EXTERNAL IDS
db:NVDid:CVE-2020-9252
Trust: 3.0
db:JVNDBid:JVNDB-2020-008289
Trust: 0.8
db:CNVDid:CNVD-2020-52401
Trust: 0.6
db:CNNVDid:CNNVD-202007-1112
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52401 // 
            
            
            
            JVNDB: JVNDB-2020-008289 // 
            
            
            
            CNNVD: CNNVD-202007-1112 // 
            
            
            
            NVD: CVE-2020-9252

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-9252
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9252
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-07-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52401 // 
            
            
            
            JVNDB: JVNDB-2020-008289 // 
            
            
            
            CNNVD: CNNVD-202007-1112 // 
            
            
            
            NVD: CVE-2020-9252

SOURCES
db:CNVDid:CNVD-2020-52401
db:JVNDBid:JVNDB-2020-008289
db:CNNVDid:CNNVD-202007-1112
db:NVDid:CVE-2020-9252

LAST UPDATE DATE
2024-11-23T22:55:06.327000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-52401date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-008289date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1112date:2021-01-05T00:00:00
db:NVDid:CVE-2020-9252date:2024-11-21T05:40:16.590

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-52401date:2020-07-15T00:00:00
db:JVNDBid:JVNDB-2020-008289date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1112date:2020-07-15T00:00:00
db:NVDid:CVE-2020-9252date:2020-07-17T23:15:11.537