var-202007-1268
Vulnerability from variot
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. (DoS) It may be put into a state. Huawei P30 Pro is a smart phone of China's Huawei (Huawei) company. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use malicious applications to exploit this vulnerability to execute code
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1268", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "p30 pro", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "10.1.0.126\\(c10e11r5p1\\)" }, { "model": "p30 pro", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "10.1.0.123\\(c432e19r2p5patch02\\)" }, { "model": "p30 pro", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "10.1.0.160\\(c00e160r2p8\\)" }, { "model": "p30 pro", "scope": "eq", "trust": 0.8, "vendor": "huawei", "version": "10.1.0.123(c432e19r2p5patch02)" }, { "model": "p30 pro", "scope": "eq", "trust": 0.8, "vendor": "huawei", "version": "10.1.0.126(c10e11r5p1)" }, { "model": "p30 pro", "scope": "eq", "trust": 0.8, "vendor": "huawei", "version": "10.1.0.160(c00e160r2p8)" }, { "model": "p30 pro \u003c10.1.0.123", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "p30 pro \u003c10.1.0.126", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "p30 pro \u003c10.1.0.160", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "NVD", "id": "CVE-2020-9257" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.0.123\\(c432e19r2p5patch02\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.0.126\\(c10e11r5p1\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9257" } ] }, "cve": "CVE-2020-9257", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008285", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2020-46471", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008285", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9257", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-008285", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-46471", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-1087", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "NVD", "id": "CVE-2020-9257" }, { "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. (DoS) It may be put into a state. Huawei P30 Pro is a smart phone of China\u0027s Huawei (Huawei) company. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use malicious applications to exploit this vulnerability to execute code", "sources": [ { "db": "NVD", "id": "CVE-2020-9257" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "CNVD", "id": "CNVD-2020-46471" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9257", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-008285", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-46471", "trust": 0.6 }, { "db": "NSFOCUS", "id": "49429", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1087", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "NVD", "id": "CVE-2020-9257" }, { "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "id": "VAR-202007-1268", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" } ], "trust": 1.1879629999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" } ] }, "last_update_date": "2023-12-18T12:27:21.094000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "huawei-sa-20200715-03-smartphone", "trust": 0.8, "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en" }, { "title": "Patch for Huawei P30 Pro buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/230842" }, { "title": "Huawei P30 Pro Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124163" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "NVD", "id": "CVE-2020-9257" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9257" }, { "trust": 1.2, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-03-smartphone-cn" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9257" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/49429" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-46471" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "NVD", "id": "CVE-2020-9257" }, { "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-46471" }, { "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "db": "NVD", "id": "CVE-2020-9257" }, { "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-17T00:00:00", "db": "CNVD", "id": "CNVD-2020-46471" }, { "date": "2020-09-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "date": "2020-07-17T23:15:11.757000", "db": "NVD", "id": "CVE-2020-9257" }, { "date": "2020-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-17T00:00:00", "db": "CNVD", "id": "CNVD-2020-46471" }, { "date": "2020-09-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008285" }, { "date": "2020-07-22T19:44:28.007000", "db": "NVD", "id": "CVE-2020-9257" }, { "date": "2020-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1087" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1087" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HUAWEI P30 Pro Classic buffer overflow vulnerability in smartphones", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008285" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1087" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.