ID

VAR-202007-1265


CVE

CVE-2020-9254


TITLE

HUAWEI P30 Pro Injection vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-008290

DESCRIPTION

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. HUAWEI P30 Pro There is an injection vulnerability in smartphones.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei P30 Pro is a smart phone of China's Huawei (Huawei) company. Attackers can use malicious applications to exploit this vulnerability to execute code

Trust: 2.16

sources: NVD: CVE-2020-9254 // JVNDB: JVNDB-2020-008290 // CNVD: CNVD-2020-46473

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46473

AFFECTED PRODUCTS

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.126\(c10e11r5p1\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.123\(c432e19r2p5patch02\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:eqversion:10.1.0.123(c432e19r2p5patch02)

Trust: 0.8

vendor:huaweimodel:p30 proscope:eqversion:10.1.0.126(c10e11r5p1)

Trust: 0.8

vendor:huaweimodel:p30 proscope:eqversion:10.1.0.160(c00e160r2p8)

Trust: 0.8

vendor:huaweimodel:p30 pro <10.1.0.123scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <10.1.0.126scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <10.1.0.160scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-46473 // JVNDB: JVNDB-2020-008290 // NVD: CVE-2020-9254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9254
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008290
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-46473
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1098
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9254
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008290
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-46473
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9254
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008290
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46473 // JVNDB: JVNDB-2020-008290 // CNNVD: CNNVD-202007-1098 // NVD: CVE-2020-9254

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-008290 // NVD: CVE-2020-9254

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1098

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1098

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008290

PATCH

title:huawei-sa-20200715-04-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-04-smartphone-en

Trust: 0.8

title:Patch for Huawei P30 Pro logic check error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/230848

Trust: 0.6

title:Huawei P30 Pro Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124916

Trust: 0.6

sources: CNVD: CNVD-2020-46473 // JVNDB: JVNDB-2020-008290 // CNNVD: CNNVD-202007-1098

EXTERNAL IDS

db:NVDid:CVE-2020-9254

Trust: 3.0

db:JVNDBid:JVNDB-2020-008290

Trust: 0.8

db:CNVDid:CNVD-2020-46473

Trust: 0.6

db:NSFOCUSid:49427

Trust: 0.6

db:CNNVDid:CNNVD-202007-1098

Trust: 0.6

sources: CNVD: CNVD-2020-46473 // JVNDB: JVNDB-2020-008290 // CNNVD: CNNVD-202007-1098 // NVD: CVE-2020-9254

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-04-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9254

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-04-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9254

Trust: 0.8

url:http://www.nsfocus.net/vulndb/49427

Trust: 0.6

sources: CNVD: CNVD-2020-46473 // JVNDB: JVNDB-2020-008290 // CNNVD: CNNVD-202007-1098 // NVD: CVE-2020-9254

SOURCES

db:CNVDid:CNVD-2020-46473
db:JVNDBid:JVNDB-2020-008290
db:CNNVDid:CNNVD-202007-1098
db:NVDid:CVE-2020-9254

LAST UPDATE DATE

2024-11-23T22:51:18.840000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-46473date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-008290date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1098date:2020-10-12T00:00:00
db:NVDid:CVE-2020-9254date:2024-11-21T05:40:16.763

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-46473date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-008290date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1098date:2020-07-15T00:00:00
db:NVDid:CVE-2020-9254date:2020-07-17T23:15:11.617