ID

VAR-202012-1400


CVE

CVE-2020-9117


TITLE

HUAWEI nova 4 and SydneyM-AL00 Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-013935

DESCRIPTION

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts a malformed packet with a specific parameter and sends the packet to the affected products. Due to insufficient validation of the packet, this may be exploited to cause information leakage or arbitrary code execution. Huawei nova 4 and Huawei Sydneym-al00 are both smartphones from the Chinese company Huawei. The vulnerability stems from insufficient verification of some parameters in the message. Attackers can use this vulnerability to target the target

Trust: 2.16

sources: NVD: CVE-2020-9117 // JVNDB: JVNDB-2020-013935 // CNVD: CNVD-2020-68352

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-68352

AFFECTED PRODUCTS

vendor: huawei, model: nova 4, scope: lt, version: 10.0.0.165(c01e34r2p4)

Trust: 1.0

vendor: huawei, model: sydneym-al00, scope: lt, version: 10.0.0.165(c00e66r1p5)

Trust: 1.0

vendor: huawei, model: nova 4, scope: -, version: -

Trust: 0.8

vendor: huawei, model: sydneym-al00, scope: -, version: -

Trust: 0.8

vendor: huawei, model: sydneym-al00 10.0.0.165, scope: lt, version: -

Trust: 0.6

vendor: huawei, model: nova <10.0.0.165, scope: eq, version: 4

Trust: 0.6

sources: CNVD: CNVD-2020-68352 // JVNDB: JVNDB-2020-013935 // NVD: CVE-2020-9117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9117
value: HIGH

Trust: 1.0

NVD: CVE-2020-9117
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-68352
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1893
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9117
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-68352
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9117
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9117
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-68352 // JVNDB: JVNDB-2020-013935 // CNNVD: CNNVD-202011-1893 // NVD: CVE-2020-9117

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: CWE-125

Trust: 1.0

problemtype: Out-of-bounds read (CWE-125) [NVD Evaluation]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013935 // NVD: CVE-2020-9117

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1893

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1893

PATCH

title: huawei-sa-20201125-01-outofboundread
url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-en

Trust: 0.8

title: Patch for Huawei nova 4 and Huawei Sydneym-al00 out-of-bounds read vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/241528

Trust: 0.6

title: Multiple Huawei Product Buffer Error Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135839

Trust: 0.6

sources: CNVD: CNVD-2020-68352 // JVNDB: JVNDB-2020-013935 // CNNVD: CNNVD-202011-1893

EXTERNAL IDS

db: NVD, id: CVE-2020-9117

Trust: 3.0

db: JVNDB, id: JVNDB-2020-013935

Trust: 0.8

db: CNVD, id: CNVD-2020-68352

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1893

Trust: 0.6

sources: CNVD: CNVD-2020-68352 // JVNDB: JVNDB-2020-013935 // CNNVD: CNNVD-202011-1893 // NVD: CVE-2020-9117

REFERENCES

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-en

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-9117

Trust: 1.4

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-cn

Trust: 1.2

sources: CNVD: CNVD-2020-68352 // JVNDB: JVNDB-2020-013935 // CNNVD: CNNVD-202011-1893 // NVD: CVE-2020-9117

SOURCES

db: CNVD, id: CNVD-2020-68352
db: JVNDB, id: JVNDB-2020-013935
db: CNNVD, id: CNNVD-202011-1893
db: NVD, id: CVE-2020-9117

LAST UPDATE DATE

2024-11-23T23:11:13.507000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-68352, date: 2020-12-02T00:00:00
db: JVNDB, id: JVNDB-2020-013935, date: 2021-07-16T01:54:00
db: CNNVD, id: CNNVD-202011-1893, date: 2020-12-07T00:00:00
db: NVD, id: CVE-2020-9117, date: 2024-11-21T05:40:05.020

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-68352, date: 2020-12-02T00:00:00
db: JVNDB, id: JVNDB-2020-013935, date: 2021-07-16T00:00:00
db: CNNVD, id: CNNVD-202011-1893, date: 2020-11-25T00:00:00
db: NVD, id: CVE-2020-9117, date: 2020-12-01T01:15:11.097