ID

VAR-202012-1394


CVE

CVE-2020-9247


TITLE

Classic buffer overflow vulnerability in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2020-014149

DESCRIPTION

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate a certain configuration parameter passed from the user, which can cause a buffer overflow. The attacker needs to trick the user into installing and running a malicious application with high privilege; a successful exploit may cause code execution. Affected products include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B. Multiple Huawei products contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-9247 // JVNDB: JVNDB-2020-014149

AFFECTED PRODUCTS

vendor: huawei, model: yale-tl00b, scope: lt, version: 10.1.0.160\(c01e160r8p12\)

Trust: 1.0

vendor: huawei, model: mate 20 pro, scope: lt, version: 10.1.0.273\(c636e7r2p4\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.126\(c10e7r5p1\)

Trust: 1.0

vendor: huawei, model: honor 20 pro, scope: lt, version: 10.1.0.231\(c10e3r3p2\)

Trust: 1.0

vendor: huawei, model: yale-l61a, scope: lt, version: 10.1.0.226\(c10e3r1p1\)

Trust: 1.0

vendor: huawei, model: mate 20 pro, scope: lt, version: 10.1.0.270\(c635e3r1p5\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.126\(c636e7r3p4\)

Trust: 1.0

vendor: huawei, model: mate 20 pro, scope: lt, version: 10.1.0.273\(c185e7r2p4\)

Trust: 1.0

vendor: huawei, model: yalep-al10b, scope: lt, version: 10.1.0.160\(c00e160r8p12\)

Trust: 1.0

vendor: huawei, model: princeton-al10b, scope: lt, version: 10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor: huawei, model: mate 20 pro, scope: lt, version: 10.1.0.270\(c432e7r1p5\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.126\(c636e5r3p4\)

Trust: 1.0

vendor: huawei, model: hima-l29c, scope: lt, version: 10.1.0.275\(c10e4r2p4\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.126\(c605e19r1p3\)

Trust: 1.0

vendor: huawei, model: mate 20, scope: lt, version: 10.1.0.160\(c00e160r3p8\)

Trust: 1.0

vendor: huawei, model: laya-al00ep, scope: lt, version: 10.1.0.160\(c786e160r3p8\)

Trust: 1.0

vendor: huawei, model: mate 20 pro, scope: lt, version: 10.1.0.277\(c10e7r2p4\)

Trust: 1.0

vendor: huawei, model: p30, scope: eq, version: 9.1.0.272\(c635e4r2p2\)

Trust: 1.0

vendor: huawei, model: mate 20 x, scope: lt, version: 10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor: huawei, model: honor 20 pro, scope: lt, version: 10.1.0.230\(c432e9r5p1\)

Trust: 1.0

vendor: huawei, model: tony-al00b, scope: lt, version: 10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor: huawei, model: mate 20 pro, scope: lt, version: 10.1.0.277\(c605e7r1p5\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.123\(c432e22r2p5\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.126\(c185e4r7p1\)

Trust: 1.0

vendor: huawei, model: hima-l29c, scope: lt, version: 10.1.0.273\(c185e5r2p4\)

Trust: 1.0

vendor: huawei, model: yale-l61a, scope: lt, version: 10.1.0.225\(c432e3r1p2\)

Trust: 1.0

vendor: huawei, model: hima-l29c, scope: lt, version: 10.1.0.273\(c636e5r2p4\)

Trust: 1.0

vendor: huawei, model: p30 pro, scope: lt, version: 10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor: huawei, model: p30 pro, scope: -, version: -

Trust: 0.8

vendor: huawei, model: tony-al00b, scope: -, version: -

Trust: 0.8

vendor: huawei, model: princeton-al10b, scope: -, version: -

Trust: 0.8

vendor: huawei, model: p30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: honor 20 pro, scope: -, version: -

Trust: 0.8

vendor: huawei, model: laya-al00ep, scope: -, version: -

Trust: 0.8

vendor: huawei, model: mate 20, scope: -, version: -

Trust: 0.8

vendor: huawei, model: hima-l29c, scope: -, version: -

Trust: 0.8

vendor: huawei, model: mate 20 pro, scope: -, version: -

Trust: 0.8

vendor: huawei, model: mate 20 x, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014149 // NVD: CVE-2020-9247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9247
value: HIGH

Trust: 1.0

NVD: CVE-2020-9247
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1901
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9247
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-9247
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9247
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-014149 // CNNVD: CNNVD-202007-1901 // NVD: CVE-2020-9247

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014149 // NVD: CVE-2020-9247

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1901

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1901

PATCH

title: huawei-sa-20200729-03-smartphone, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en

Trust: 0.8

title: Repair measures for Huawei buffer error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129041

Trust: 0.6

sources: JVNDB: JVNDB-2020-014149 // CNNVD: CNNVD-202007-1901

EXTERNAL IDS

db: NVD, id: CVE-2020-9247

Trust: 2.4

db: JVNDB, id: JVNDB-2020-014149

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1901

Trust: 0.6

sources: JVNDB: JVNDB-2020-014149 // CNNVD: CNNVD-202007-1901 // NVD: CVE-2020-9247

REFERENCES

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-9247

Trust: 1.4

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200729-03-smartphone-cn

Trust: 0.6

sources: JVNDB: JVNDB-2020-014149 // CNNVD: CNNVD-202007-1901 // NVD: CVE-2020-9247

SOURCES

db: JVNDB, id: JVNDB-2020-014149
db: CNNVD, id: CNNVD-202007-1901
db: NVD, id: CVE-2020-9247

LAST UPDATE DATE

2024-11-23T22:29:21.018000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-014149, date: 2021-08-03T04:39:00
db: CNNVD, id: CNNVD-202007-1901, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-9247, date: 2024-11-21T05:40:15.980

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-014149, date: 2021-08-03T00:00:00
db: CNNVD, id: CNNVD-202007-1901, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-9247, date: 2020-12-07T13:15:11.123