Details of VAR-202010-1171

ID

VAR-202010-1171

CVE

CVE-2020-9107

TITLE

HUAWEI P30 Pro Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012146

DESCRIPTION

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. Huawei P30 Pro is a smartphone launched by Huawei

Trust: 2.25

sources: NVD: CVE-2020-9107 // JVNDB: JVNDB-2020-012146 // CNVD: CNVD-2020-55944 // VULMON: CVE-2020-9107

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-55944

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 pro	scope:	lt	version:	10.1.0.160\(c00e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	p30 pro	scope:	lt	version:	p30 pro firmware 10.1.0.160(c00e160r2p8) less than	Trust: 0.8
vendor:	huawei	model:	p30 pro <10.1.0.160	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-55944 // JVNDB: JVNDB-2020-012146 // NVD: CVE-2020-9107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9107
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9107
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-55944
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202009-1685
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-9107
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9107
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-55944
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9107
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9107
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-55944 // VULMON: CVE-2020-9107 // JVNDB: JVNDB-2020-012146 // CNNVD: CNNVD-202009-1685 // NVD: CVE-2020-9107

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012146 // NVD: CVE-2020-9107

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1685

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1685

PATCH

title:	huawei-sa-20200930-01-readwriteoutbound	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-readwriteoutbound-en	Trust: 0.8
title:	Patch for Huawei P30 Pro out-of-bounds read and write vulnerability (CNVD-2020-55944)	url:	https://www.cnvd.org.cn/patchInfo/show/236116	Trust: 0.6

sources: CNVD: CNVD-2020-55944 // JVNDB: JVNDB-2020-012146

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9107	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012146	Trust: 0.8
db:	CNVD	id:	CNVD-2020-55944	Trust: 0.6
db:	NSFOCUS	id:	50635	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1685	Trust: 0.6
db:	VULMON	id:	CVE-2020-9107	Trust: 0.1

sources: CNVD: CNVD-2020-55944 // VULMON: CVE-2020-9107 // JVNDB: JVNDB-2020-012146 // CNNVD: CNNVD-202009-1685 // NVD: CVE-2020-9107

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9107	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-readwriteoutbound-en	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/50635	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-readwriteoutbound-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-55944 // VULMON: CVE-2020-9107 // JVNDB: JVNDB-2020-012146 // CNNVD: CNNVD-202009-1685 // NVD: CVE-2020-9107

SOURCES

db:	CNVD	id:	CNVD-2020-55944
db:	VULMON	id:	CVE-2020-9107
db:	JVNDB	id:	JVNDB-2020-012146
db:	CNNVD	id:	CNNVD-202009-1685
db:	NVD	id:	CVE-2020-9107

LAST UPDATE DATE

2024-11-23T22:16:17.592000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-55944	date:	2020-10-13T00:00:00
db:	VULMON	id:	CVE-2020-9107	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012146	date:	2021-04-26T07:54:00
db:	CNNVD	id:	CNNVD-202009-1685	date:	2020-11-18T00:00:00
db:	NVD	id:	CVE-2020-9107	date:	2024-11-21T05:40:03.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-55944	date:	2020-10-13T00:00:00
db:	VULMON	id:	CVE-2020-9107	date:	2020-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-012146	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202009-1685	date:	2020-09-30T00:00:00
db:	NVD	id:	CVE-2020-9107	date:	2020-10-12T14:15:14.230