Sign-up

ID

VAR-202010-1179


CVE

CVE-2020-9123


TITLE

HUAWEI P30 Pro  Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-012539

DESCRIPTION

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. HUAWEI P30 Pro Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei P30 Pro is a smartphone launched by Huawei

Trust: 2.25

sources: NVD: CVE-2020-9123 // JVNDB: JVNDB-2020-012539 // CNVD: CNVD-2020-55946 // VULMON: CVE-2020-9123

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-55946

AFFECTED PRODUCTS

vendor:huaweimodel:p30 pro <10.1.0.160scope: - version: -

Trust: 1.2

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.160\(c01e160r2p8\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:p30 proscope:ltversion:p30 pro firmware 10.1.0.160(c00e160r2p8) less than

Trust: 0.8

vendor:huaweimodel:p30 proscope:ltversion:p30 pro firmware 10.1.0.160(c01e160r2p8) less than

Trust: 0.8

sources: CNVD: CNVD-2020-55946 // JVNDB: JVNDB-2020-012539 // NVD: CVE-2020-9123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9123
value: HIGH

Trust: 1.0

NVD: CVE-2020-9123
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-55946
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-1681
value: HIGH

Trust: 0.6

VULMON: CVE-2020-9123
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9123
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-55946
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9123
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9123
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-55946 // VULMON: CVE-2020-9123 // JVNDB: JVNDB-2020-012539 // CNNVD: CNNVD-202009-1681 // NVD: CVE-2020-9123

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012539 // NVD: CVE-2020-9123

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1681

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1681

PATCH

title:huawei-sa-20200930-01-bufferurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-buffer-en

Trust: 0.8

title:Patch for Huawei P30 Pro buffer overflow vulnerability (CNVD-2020-55946)url:https://www.cnvd.org.cn/patchInfo/show/236125

Trust: 0.6

title:Huawei P30 Pro Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130238

Trust: 0.6

sources: CNVD: CNVD-2020-55946 // JVNDB: JVNDB-2020-012539 // CNNVD: CNNVD-202009-1681

EXTERNAL IDS

db:NVDid:CVE-2020-9123

Trust: 3.1

db:JVNDBid:JVNDB-2020-012539

Trust: 0.8

db:CNVDid:CNVD-2020-55946

Trust: 0.6

db:NSFOCUSid:50560

Trust: 0.6

db:CNNVDid:CNNVD-202009-1681

Trust: 0.6

db:VULMONid:CVE-2020-9123

Trust: 0.1

sources: CNVD: CNVD-2020-55946 // VULMON: CVE-2020-9123 // JVNDB: JVNDB-2020-012539 // CNNVD: CNNVD-202009-1681 // NVD: CVE-2020-9123

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-9123

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-buffer-en

Trust: 1.7

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-buffer-cn

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50560

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189274

Trust: 0.1

sources: CNVD: CNVD-2020-55946 // VULMON: CVE-2020-9123 // JVNDB: JVNDB-2020-012539 // CNNVD: CNNVD-202009-1681 // NVD: CVE-2020-9123

SOURCES

db:CNVDid:CNVD-2020-55946
db:VULMONid:CVE-2020-9123
db:JVNDBid:JVNDB-2020-012539
db:CNNVDid:CNNVD-202009-1681
db:NVDid:CVE-2020-9123

LAST UPDATE DATE

2024-11-23T22:37:13.393000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-55946date:2020-10-13T00:00:00
db:VULMONid:CVE-2020-9123date:2020-10-26T00:00:00
db:JVNDBid:JVNDB-2020-012539date:2021-05-12T07:02:00
db:CNNVDid:CNNVD-202009-1681date:2020-11-16T00:00:00
db:NVDid:CVE-2020-9123date:2024-11-21T05:40:05.773

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-55946date:2020-10-13T00:00:00
db:VULMONid:CVE-2020-9123date:2020-10-12T00:00:00
db:JVNDBid:JVNDB-2020-012539date:2021-05-12T00:00:00
db:CNNVDid:CNNVD-202009-1681date:2020-09-30T00:00:00
db:NVDid:CVE-2020-9123date:2020-10-12T14:15:14.433