Sign-up

ID

VAR-202010-1177


CVE

CVE-2020-9113


TITLE

HUAWEI Mate 20  Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2020-012481

DESCRIPTION

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. HUAWEI Mate 20 Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HUAWEI Mate 20 is a smart phone launched by Huawei. The vulnerability stems from insufficient input validation. An attacker can use this vulnerability to implement code execution through a specially crafted Bluetooth message after successful pairing

Trust: 2.25

sources: NVD: CVE-2020-9113 // JVNDB: JVNDB-2020-012481 // CNVD: CNVD-2020-57586 // VULMON: CVE-2020-9113

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-57586

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20scope:ltversion:10.0.0.188\(c00e74r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion: -

Trust: 0.8

vendor:huaweimodel:mate 20scope:ltversion:mate 20 firmware 10.0.0.188(c00e74r3p8) less than

Trust: 0.8

vendor:huaweimodel:mate <10.0.0.188scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2020-57586 // JVNDB: JVNDB-2020-012481 // NVD: CVE-2020-9113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9113
value: HIGH

Trust: 1.0

NVD: CVE-2020-9113
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-57586
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-640
value: HIGH

Trust: 0.6

VULMON: CVE-2020-9113
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9113
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-57586
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9113
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9113
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-57586 // VULMON: CVE-2020-9113 // JVNDB: JVNDB-2020-012481 // CNNVD: CNNVD-202010-640 // NVD: CVE-2020-9113

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012481 // NVD: CVE-2020-9113

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-640

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-640

PATCH

title:huawei-sa-20201014-01-bluetoothurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-bluetooth-en

Trust: 0.8

title:Patch for HUAWEI Mate 20 buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/236905

Trust: 0.6

title:Huawei Mate 20 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131282

Trust: 0.6

sources: CNVD: CNVD-2020-57586 // JVNDB: JVNDB-2020-012481 // CNNVD: CNNVD-202010-640

EXTERNAL IDS

db:NVDid:CVE-2020-9113

Trust: 3.1

db:JVNDBid:JVNDB-2020-012481

Trust: 0.8

db:CNVDid:CNVD-2020-57586

Trust: 0.6

db:NSFOCUSid:50559

Trust: 0.6

db:CNNVDid:CNNVD-202010-640

Trust: 0.6

db:VULMONid:CVE-2020-9113

Trust: 0.1

sources: CNVD: CNVD-2020-57586 // VULMON: CVE-2020-9113 // JVNDB: JVNDB-2020-012481 // CNNVD: CNNVD-202010-640 // NVD: CVE-2020-9113

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-9113

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-bluetooth-en

Trust: 1.7

url:http://www.nsfocus.net/vulndb/50559

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201014-01-bluetooth-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189827

Trust: 0.1

sources: CNVD: CNVD-2020-57586 // VULMON: CVE-2020-9113 // JVNDB: JVNDB-2020-012481 // CNNVD: CNNVD-202010-640 // NVD: CVE-2020-9113

SOURCES

db:CNVDid:CNVD-2020-57586
db:VULMONid:CVE-2020-9113
db:JVNDBid:JVNDB-2020-012481
db:CNNVDid:CNNVD-202010-640
db:NVDid:CVE-2020-9113

LAST UPDATE DATE

2024-11-23T22:44:24.814000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-57586date:2020-10-21T00:00:00
db:VULMONid:CVE-2020-9113date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-012481date:2021-05-10T07:32:00
db:CNNVDid:CNNVD-202010-640date:2020-11-16T00:00:00
db:NVDid:CVE-2020-9113date:2024-11-21T05:40:04.010

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-57586date:2020-10-21T00:00:00
db:VULMONid:CVE-2020-9113date:2020-10-19T00:00:00
db:JVNDBid:JVNDB-2020-012481date:2021-05-10T00:00:00
db:CNNVDid:CNNVD-202010-640date:2020-10-14T00:00:00
db:NVDid:CVE-2020-9113date:2020-10-19T20:15:13.260