var-202012-1400
Vulnerability from variot

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. Huawei nova 4 and Huawei Sydneym-al00 are both smart collections of China's Huawei (Huawei) company. The vulnerability stems from insufficient verification of some parameters in the message. Attackers can use this vulnerability to target the target

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1400",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nova 4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.165\\(c01e34r2p4\\)"
      },
      {
        "model": "sydneym-al00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.165\\(c00e66r1p5\\)"
      },
      {
        "model": "nova 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sydneym-al00",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sydneym-al00 10.0.0.165",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nova \u003c10.0.0.165",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:nova_4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.0.165\\(c01e34r2p4\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:nova_4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:sydneym-al00_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.0.165\\(c00e66r1p5\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:sydneym-al00:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      }
    ]
  },
  "cve": "CVE-2020-9117",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-9117",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2020-68352",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-9117",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9117",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-68352",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1893",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. Huawei nova 4 and Huawei Sydneym-al00 are both smart collections of China\u0027s Huawei (Huawei) company. The vulnerability stems from insufficient verification of some parameters in the message. Attackers can use this vulnerability to target the target",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9117",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "id": "VAR-202012-1400",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      }
    ],
    "trust": 1.10473487
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:00:18.792000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20201125-01-outofboundread",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-en"
      },
      {
        "title": "Patch for Huawei nova 4 and Huawei Sydneym-al00 out-of-bounds read vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/241528"
      },
      {
        "title": "Multiple Huawei Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135839"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-en"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9117"
      },
      {
        "trust": 1.2,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-cn"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "date": "2021-07-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "date": "2020-12-01T01:15:11.097000",
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "date": "2020-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-68352"
      },
      {
        "date": "2021-07-16T01:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      },
      {
        "date": "2020-12-04T17:28:34.320000",
        "db": "NVD",
        "id": "CVE-2020-9117"
      },
      {
        "date": "2020-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HUAWEI\u00a0nova\u00a04\u00a0 and \u00a0SydneyM-AL00\u00a0 Out-of-bounds Vulnerability in Microsoft",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013935"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1893"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.