Sign-up

ID

VAR-202412-3262


CVE

CVE-2020-9253


TITLE

Huawei  of  Lion-AL00C  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353

DESCRIPTION

There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253. Huawei of Lion-AL00C An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2020-9253 // JVNDB: JVNDB-2020-018353

AFFECTED PRODUCTS

vendor:huaweimodel:lion-al00cscope:ltversion:10.1.0.150\(c00e136r5p3\)

Trust: 1.0

vendor:huaweimodel:lion-al00cscope:eqversion:lion-al00c firmware 10.1.0.150(c00e136r5p3)

Trust: 0.8

vendor:huaweimodel:lion-al00cscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:lion-al00cscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com: CVE-2020-9253
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2020-9253
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9253
value: MEDIUM

Trust: 0.8

psirt@huawei.com: CVE-2020-9253
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2020-9253
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9253
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253 // NVD: CVE-2020-9253

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

EXTERNAL IDS

db:NVDid:CVE-2020-9253

Trust: 2.6

db:JVNDBid:JVNDB-2020-018353

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9253

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

SOURCES

db:JVNDBid:JVNDB-2020-018353
db:NVDid:CVE-2020-9253

LAST UPDATE DATE

2025-01-18T23:09:41.036000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-018353date:2025-01-16T07:11:00
db:NVDid:CVE-2020-9253date:2025-01-13T19:38:19.563

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-018353date:2025-01-16T00:00:00
db:NVDid:CVE-2020-9253date:2024-12-27T10:15:16.610