Vulnerability Name:

CVE-2020-9223 (CCN-193979)

Assigned:2020-12-16
Published:2020-12-16
Updated:2020-12-30
Summary:There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-9223

Source: XF
Type: UNKNOWN
huawei-cve20209223-dos(193979)

Source: CCN
Type: huawei-sa-20201216-03-smartphone
Denial of Service Vulnerability in Huawei Smartphone

Source: CONFIRM
Type: Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-03-smartphone-en

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.230(c432e9r5p1))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c10e3r3p2))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c185e3r5p1))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c636e3r3p1))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.168(c00e166r4p11))
  • AND
  • cpe:/h:huawei:princeton-al10d:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.230(c432e9r5p1))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c10e3r3p2))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c185e2r2p1))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c636e3r3p1))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.225(c432e3r1p2))
  • AND
  • cpe:/h:huawei:yale-l61a:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.226(c10e3r1p1))
  • AND
  • cpe:/h:huawei:yale-l61a:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:huawei:honor_20:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:princeton-al10d:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:yale-l61a:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei princeton-al10d firmware *
    huawei princeton-al10d -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l61a firmware *
    huawei yale-l61a -
    huawei yale-l61a firmware *
    huawei yale-l61a -
    huawei honor 20 -
    huawei princeton-al10d -
    huawei yale-l21a -
    huawei yale-l61a -