Vulnerability Name:

CVE-2020-9235 (CCN-187718)

Assigned: 2020-09-02
Published: 2020-09-02
Updated: 2021-07-21
Summary: Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C185E3R5P1), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.212(C432E10R3P4), Versions earlier than 10.1.0.213(C636E3R4P3), Versions earlier than 10.1.0.214(C10E5R4P3), Versions earlier than 10.1.0.214(C185E3R3P3); Versions earlier than 10.1.0.212(C00E210R5P1); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C01E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R8P12); Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.225(C431E3R1P2), Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error: a lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to an information leak.
CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2020-9235

Source: XF
Type: UNKNOWN
huawei-cve20209235-info-disc(187718)

Source: CCN
Type: huawei-sa-20200902-07-smartphone
Information Disclosure Vulnerability in Several Smartphones

Source: MISC
Type: Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.230(c432e9r5p1))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c10e3r3p2))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c185e3r5p1))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c636e3r3p1))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.212(c432e10r3p4))
  • AND
  • cpe:/h:huawei:honor_view_20:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.213(c636e3r4p3))
  • AND
  • cpe:/h:huawei:honor_view_20:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.214(c10e5r4p3))
  • AND
  • cpe:/h:huawei:honor_view_20:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.214(c185e3r3p3))
  • AND
  • cpe:/h:huawei:honor_view_20:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:huawei:oxfords-an00a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.212(c00e210r5p1))
  • AND
  • cpe:/h:huawei:oxfords-an00a:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:huawei:princeton-al10b_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p11))
  • AND
  • cpe:/h:huawei:princeton-al10b:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p11))
  • AND
  • cpe:/h:huawei:princeton-al10d:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:huawei:princeton-tl10c_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c01e160r2p11))
  • AND
  • cpe:/h:huawei:princeton-tl10c:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p11))
  • AND
  • cpe:/h:huawei:tony-al00b:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r8p12))
  • AND
  • cpe:/h:huawei:yale-al00a:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.230(c432e9r5p1))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

  • Configuration 16:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c10e3r3p2))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

  • Configuration 17:
  • cpe:/o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.231(c636e3r3p1))
  • AND
  • cpe:/h:huawei:yale-l21a:-:*:*:*:*:*:*:*

  • Configuration 18:
  • cpe:/o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.225(c431e3r1p2))
  • AND
  • cpe:/h:huawei:yale-l61a:-:*:*:*:*:*:*:*

  • Configuration 19:
  • cpe:/o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.225(c432e3r1p2))
  • AND
  • cpe:/h:huawei:yale-l61a:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:honor_view_20:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor view 20 firmware *
    huawei honor view 20 -
    huawei honor view 20 firmware *
    huawei honor view 20 -
    huawei honor view 20 firmware *
    huawei honor view 20 -
    huawei honor view 20 firmware *
    huawei honor view 20 -
    huawei oxfords-an00a firmware *
    huawei oxfords-an00a -
    huawei princeton-al10b firmware *
    huawei princeton-al10b -
    huawei princeton-al10d firmware *
    huawei princeton-al10d -
    huawei princeton-tl10c firmware *
    huawei princeton-tl10c -
    huawei tony-al00b firmware *
    huawei tony-al00b -
    huawei yale-al00a firmware *
    huawei yale-al00a -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l21a firmware *
    huawei yale-l21a -
    huawei yale-l61a firmware *
    huawei yale-l61a -
    huawei yale-l61a firmware *
    huawei yale-l61a -
    huawei honor 20 pro -
    huawei honor view 20 -