Vulnerability Name: | CVE-2020-9257 (CCN-185329) | ||||||||||||
Assigned: | 2020-07-15 | ||||||||||||
Published: | 2020-07-15 | ||||||||||||
Updated: | 2020-07-22 | ||||||||||||
Summary: | HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. | ||||||||||||
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-120 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-9257 Source: XF Type: UNKNOWN huawei-cve20209257-bo(185329) Source: CCN Type: huawei-sa-20200715-03-smartphone Buffer Overflow Vulnerability in Several Smartphones Source: CONFIRM Type: Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: ![]() | ||||||||||||
BACK |