VAR-202007-1268
Vulnerability from variot - Updated: 2023-12-18 12:27HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. (DoS) It may be put into a state. Huawei P30 Pro is a smart phone of China's Huawei (Huawei) company. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use malicious applications to exploit this vulnerability to execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p30 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.126\\(c10e11r5p1\\)"
},
{
"model": "p30 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.123\\(c432e19r2p5patch02\\)"
},
{
"model": "p30 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.160\\(c00e160r2p8\\)"
},
{
"model": "p30 pro",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.1.0.123(c432e19r2p5patch02)"
},
{
"model": "p30 pro",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.1.0.126(c10e11r5p1)"
},
{
"model": "p30 pro",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.1.0.160(c00e160r2p8)"
},
{
"model": "p30 pro \u003c10.1.0.123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p30 pro \u003c10.1.0.126",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p30 pro \u003c10.1.0.160",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "NVD",
"id": "CVE-2020-9257"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.1.0.123\\(c432e19r2p5patch02\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.1.0.126\\(c10e11r5p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9257"
}
]
},
"cve": "CVE-2020-9257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-008285",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-46471",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008285",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9257",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008285",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-46471",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1087",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. (DoS) It may be put into a state. Huawei P30 Pro is a smart phone of China\u0027s Huawei (Huawei) company. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use malicious applications to exploit this vulnerability to execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "CNVD",
"id": "CNVD-2020-46471"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9257",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-46471",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "49429",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1087",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"id": "VAR-202007-1268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
}
],
"trust": 1.1879629999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
}
]
},
"last_update_date": "2023-12-18T12:27:21.094000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200715-03-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en"
},
{
"title": "Patch for Huawei P30 Pro buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/230842"
},
{
"title": "Huawei P30 Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124163"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "NVD",
"id": "CVE-2020-9257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9257"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-03-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9257"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49429"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"date": "2020-07-17T23:15:11.757000",
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46471"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008285"
},
{
"date": "2020-07-22T19:44:28.007000",
"db": "NVD",
"id": "CVE-2020-9257"
},
{
"date": "2020-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HUAWEI P30 Pro Classic buffer overflow vulnerability in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008285"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1087"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…