ID

VAR-202009-1318


CVE

CVE-2020-9239


TITLE

Huawei Toronto-TL10 Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202009-833

DESCRIPTION

Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab

Trust: 1.0

sources: NVD: CVE-2020-9239

AFFECTED PRODUCTS

vendor:huaweimodel:neo-al00dscope:ltversion:8.1.0.172\(c786\)

Trust: 1.0

vendor:huaweimodel:bla-a09scope:ltversion:8.0.0.123\(c797\)

Trust: 1.0

vendor:huaweimodel:bla-a09scope:eqversion:8.0.0.123\(c212\)

Trust: 1.0

vendor:huaweimodel:bla-a09scope:ltversion:8.0.0.123\(c567\)

Trust: 1.0

vendor:huaweimodel:stanford-al00scope:eqversion:stanford-al00c00b123

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:lteversion:8.0.0.163\(c432\)

Trust: 1.0

vendor:huaweimodel:toronto-al00scope:ltversion:toronto-al00ac00b225

Trust: 1.0

vendor:huaweimodel:jimmy-al00ascope:ltversion:jimmy-al00ac00b172

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:8.0.1.16\(c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:ltversion:8.1.0.326\(c01\)

Trust: 1.0

vendor:huaweimodel:p20 proscope:ltversion:8.1.0.152\(c00\)

Trust: 1.0

vendor:huaweimodel:toronto-tl10scope:ltversion:toronto-tl10c01b225

Trust: 1.0

vendor:huaweimodel:duke-l09scope:eqversion:duke-l09c636b189

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:8.0.0.163\(c636\)

Trust: 1.0

vendor:huaweimodel:duke-l09scope:eqversion:duke-l09c432b189

Trust: 1.0

vendor:huaweimodel:lon-l29dscope:eqversion:lon-l29dc721b192

Trust: 1.0

vendor:huaweimodel:toronto-al00ascope:ltversion:toronto-al00ac00b225

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:8.0.0.172\(c10\)

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:8.0.0.163\(c10\)

Trust: 1.0

vendor:huaweimodel:duke-l09scope:eqversion:duke-l09c10b187

Trust: 1.0

sources: NVD: CVE-2020-9239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9239
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202009-833
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9239
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

nvd@nist.gov: CVE-2020-9239
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202009-833 // NVD: CVE-2020-9239

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2020-9239

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-833

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202009-833

EXTERNAL IDS

db:NVDid:CVE-2020-9239

Trust: 1.6

db:CNNVDid:CNNVD-202009-833

Trust: 0.6

sources: CNNVD: CNNVD-202009-833 // NVD: CVE-2020-9239

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200909-04-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9239

Trust: 0.6

sources: CNNVD: CNNVD-202009-833 // NVD: CVE-2020-9239

SOURCES

db:CNNVDid:CNNVD-202009-833
db:NVDid:CVE-2020-9239

LAST UPDATE DATE

2024-11-23T23:11:17.180000+00:00


SOURCES UPDATE DATE

db:CNNVDid:CNNVD-202009-833date:2021-08-16T00:00:00
db:NVDid:CVE-2020-9239date:2024-11-21T05:40:13.153

SOURCES RELEASE DATE

db:CNNVDid:CNNVD-202009-833date:2020-09-11T00:00:00
db:NVDid:CVE-2020-9239date:2020-09-11T14:15:11.660