Details of VAR-202008-1053

ID

VAR-202008-1053

CVE

CVE-2020-9095

TITLE

HUAWEI P30 Pro Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009983

DESCRIPTION

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service. Huawei P30 Pro is a smart phone of China's Huawei (Huawei) company

Trust: 2.16

sources: NVD: CVE-2020-9095 // JVNDB: JVNDB-2020-009983 // CNVD: CNVD-2020-48585

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-48585

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 pro	scope:	lt	version:	10.1.0.160\(c00e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	eq	version:	10.1.0.160(c00e160r2p8)	Trust: 0.8
vendor:	huawei	model:	p30 pro <10.1.0.160	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-48585 // JVNDB: JVNDB-2020-009983 // NVD: CVE-2020-9095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9095
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009983
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-48585
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202008-999
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9095
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009983
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-48585
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9095
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009983
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-48585 // JVNDB: JVNDB-2020-009983 // CNNVD: CNNVD-202008-999 // NVD: CVE-2020-9095

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2020-009983 // NVD: CVE-2020-9095

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-999

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-999

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009983

PATCH

title:	huawei-sa-20200819-03-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-03-smartphone-en	Trust: 0.8
title:	Patch for Huawei P30 Pro path traversal vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/231874	Trust: 0.6
title:	Huawei P30 Pro Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126790	Trust: 0.6

sources: CNVD: CNVD-2020-48585 // JVNDB: JVNDB-2020-009983 // CNNVD: CNNVD-202008-999

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9095	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-009983	Trust: 0.8
db:	CNVD	id:	CNVD-2020-48585	Trust: 0.6
db:	NSFOCUS	id:	48539	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-999	Trust: 0.6

sources: CNVD: CNVD-2020-48585 // JVNDB: JVNDB-2020-009983 // CNNVD: CNNVD-202008-999 // NVD: CVE-2020-9095

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9095	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-03-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9095	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48539	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200819-03-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2020-48585 // JVNDB: JVNDB-2020-009983 // CNNVD: CNNVD-202008-999 // NVD: CVE-2020-9095

SOURCES

db:	CNVD	id:	CNVD-2020-48585
db:	JVNDB	id:	JVNDB-2020-009983
db:	CNNVD	id:	CNNVD-202008-999
db:	NVD	id:	CVE-2020-9095

LAST UPDATE DATE

2024-11-23T21:59:03.267000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-48585	date:	2020-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-009983	date:	2020-12-15T08:41:17
db:	CNNVD	id:	CNNVD-202008-999	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-9095	date:	2024-11-21T05:40:00.847

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-48585	date:	2020-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-009983	date:	2020-12-15T08:41:17
db:	CNNVD	id:	CNNVD-202008-999	date:	2020-08-19T00:00:00
db:	NVD	id:	CVE-2020-9095	date:	2020-08-21T14:15:11.217