Vulnerability Name:

CVE-2020-9252 (CCN-185334)

Assigned:2020-07-15
Published:2020-07-15
Updated:2020-07-22
Summary:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.
CVSS v3 Severity:2.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
2.0 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
2.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
2.0 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2020-9252

Source: XF
Type: UNKNOWN
huawei-cve20209252-dir-traversal(185334)

Source: CCN
Type: huawei-sa-20200715-07-smartphone
Path Traversal Vulnerability in Several Smartphones

Source: CONFIRM
Type: Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:mate_20_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r3p8))
  • AND
  • cpe:/h:huawei:mate_20:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.135(c00e135r2p8))
  • AND
  • cpe:/h:huawei:mate_20_x:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c786e160r3p8))
  • AND
  • cpe:/h:huawei:mate_20_rs:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:huawei:magic2_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p11))
  • AND
  • cpe:/h:huawei:magic2:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:huawei:honor_10:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei mate 20 firmware *
    huawei mate 20 -
    huawei mate 20 x firmware *
    huawei mate 20 x -
    huawei mate 20 rs firmware *
    huawei mate 20 rs -
    huawei magic2 firmware *
    huawei magic2 -
    huawei honor 10 -