ID

VAR-202007-1268


CVE

CVE-2020-9257


TITLE

HUAWEI P30 Pro Classic buffer overflow vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-008285

DESCRIPTION

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. (DoS) It may be put into a state. Huawei P30 Pro is a smart phone of China's Huawei (Huawei) company. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use malicious applications to exploit this vulnerability to execute code

Trust: 2.16

sources: NVD: CVE-2020-9257 // JVNDB: JVNDB-2020-008285 // CNVD: CNVD-2020-46471

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46471

AFFECTED PRODUCTS

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.126\(c10e11r5p1\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.123\(c432e19r2p5patch02\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:eqversion:10.1.0.123(c432e19r2p5patch02)

Trust: 0.8

vendor:huaweimodel:p30 proscope:eqversion:10.1.0.126(c10e11r5p1)

Trust: 0.8

vendor:huaweimodel:p30 proscope:eqversion:10.1.0.160(c00e160r2p8)

Trust: 0.8

vendor:huaweimodel:p30 pro <10.1.0.123scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <10.1.0.126scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <10.1.0.160scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-46471 // JVNDB: JVNDB-2020-008285 // NVD: CVE-2020-9257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9257
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008285
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-46471
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1087
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9257
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008285
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-46471
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9257
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008285
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46471 // JVNDB: JVNDB-2020-008285 // CNNVD: CNNVD-202007-1087 // NVD: CVE-2020-9257

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2020-008285 // NVD: CVE-2020-9257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1087

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1087

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008285

PATCH

title:huawei-sa-20200715-03-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en

Trust: 0.8

title:Patch for Huawei P30 Pro buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/230842

Trust: 0.6

title:Huawei P30 Pro Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124163

Trust: 0.6

sources: CNVD: CNVD-2020-46471 // JVNDB: JVNDB-2020-008285 // CNNVD: CNNVD-202007-1087

EXTERNAL IDS

db:NVDid:CVE-2020-9257

Trust: 3.0

db:JVNDBid:JVNDB-2020-008285

Trust: 0.8

db:CNVDid:CNVD-2020-46471

Trust: 0.6

db:NSFOCUSid:49429

Trust: 0.6

db:CNNVDid:CNNVD-202007-1087

Trust: 0.6

sources: CNVD: CNVD-2020-46471 // JVNDB: JVNDB-2020-008285 // CNNVD: CNNVD-202007-1087 // NVD: CVE-2020-9257

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9257

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-03-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9257

Trust: 0.8

url:http://www.nsfocus.net/vulndb/49429

Trust: 0.6

sources: CNVD: CNVD-2020-46471 // JVNDB: JVNDB-2020-008285 // CNNVD: CNNVD-202007-1087 // NVD: CVE-2020-9257

SOURCES

db:CNVDid:CNVD-2020-46471
db:JVNDBid:JVNDB-2020-008285
db:CNNVDid:CNNVD-202007-1087
db:NVDid:CVE-2020-9257

LAST UPDATE DATE

2024-11-23T22:21:04.710000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-46471date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-008285date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1087date:2020-10-12T00:00:00
db:NVDid:CVE-2020-9257date:2024-11-21T05:40:17.173

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-46471date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-008285date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1087date:2020-07-15T00:00:00
db:NVDid:CVE-2020-9257date:2020-07-17T23:15:11.757