Details of VAR-202010-1172

ID

VAR-202010-1172

CVE

CVE-2020-9108

TITLE

HUAWEI P30 Pro Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-012147

DESCRIPTION

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. Huawei P30 Pro is a smartphone launched by Huawei

Trust: 2.25

sources: NVD: CVE-2020-9108 // JVNDB: JVNDB-2020-012147 // CNVD: CNVD-2020-55945 // VULMON: CVE-2020-9108

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-55945

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 pro	scope:	lt	version:	10.1.0.160\(c00e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	p30 pro	scope:	lt	version:	p30 pro firmware 10.1.0.160(c00e160r2p8) less than	Trust: 0.8
vendor:	huawei	model:	p30 pro <10.1.0.160	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-55945 // JVNDB: JVNDB-2020-012147 // NVD: CVE-2020-9108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9108
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9108
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-55945
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202009-1686
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-9108
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9108
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-55945
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9108
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9108
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-55945 // VULMON: CVE-2020-9108 // JVNDB: JVNDB-2020-012147 // CNNVD: CNNVD-202009-1686 // NVD: CVE-2020-9108

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012147 // NVD: CVE-2020-9108

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1686

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1686

PATCH

title:	huawei-sa-20200930-01-outofbound	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-outofbound-en	Trust: 0.8
title:	Patch for Huawei P30 Pro out of bounds read and write vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/236122	Trust: 0.6
title:	Huawei P30 Pro Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131164	Trust: 0.6

sources: CNVD: CNVD-2020-55945 // JVNDB: JVNDB-2020-012147 // CNNVD: CNNVD-202009-1686

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9108	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012147	Trust: 0.8
db:	CNVD	id:	CNVD-2020-55945	Trust: 0.6
db:	NSFOCUS	id:	50636	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1686	Trust: 0.6
db:	VULMON	id:	CVE-2020-9108	Trust: 0.1

sources: CNVD: CNVD-2020-55945 // VULMON: CVE-2020-9108 // JVNDB: JVNDB-2020-012147 // CNNVD: CNNVD-202009-1686 // NVD: CVE-2020-9108

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9108	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-outofbound-en	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/50636	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-outofbound-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189256	Trust: 0.1

sources: CNVD: CNVD-2020-55945 // VULMON: CVE-2020-9108 // JVNDB: JVNDB-2020-012147 // CNNVD: CNNVD-202009-1686 // NVD: CVE-2020-9108

SOURCES

db:	CNVD	id:	CNVD-2020-55945
db:	VULMON	id:	CVE-2020-9108
db:	JVNDB	id:	JVNDB-2020-012147
db:	CNNVD	id:	CNNVD-202009-1686
db:	NVD	id:	CVE-2020-9108

LAST UPDATE DATE

2024-11-23T23:01:13.174000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-55945	date:	2020-10-13T00:00:00
db:	VULMON	id:	CVE-2020-9108	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012147	date:	2021-04-26T07:54:00
db:	CNNVD	id:	CNNVD-202009-1686	date:	2020-11-18T00:00:00
db:	NVD	id:	CVE-2020-9108	date:	2024-11-21T05:40:03.250

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-55945	date:	2020-10-13T00:00:00
db:	VULMON	id:	CVE-2020-9108	date:	2020-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-012147	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202009-1686	date:	2020-09-30T00:00:00
db:	NVD	id:	CVE-2020-9108	date:	2020-10-12T14:15:14.293