CVE-2020-9118 - OpenCVE

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Ais-bw80h-00 Ais-bw80h-00 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\(h100sp3c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\(h100sp9c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\(h100sp13c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\(h100sp18c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\(h100sp1c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\(h100sp2c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\(h100sp5c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\(h100sp8c00\):::::::*
	cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.3\(h100sp1c00\):::::::*

cpe:2.3:h:huawei:ais-bw80h-00:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2021-02-06T01:10:51

Updated: 2021-02-06T01:10:51

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9118

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-02-06T02:15:12.477

Modified: 2021-02-10T18:21:55.027

Link: CVE-2020-9118

JSON object: View

Redhat Information

No data.

CWE

CWE-354

{"containers": {"cna": {"affected": [{"product": "AIS-BW80H-00", "vendor": "n/a", "versions": [{"status": "affected", "version": "9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)"}]}], "descriptions": [{"lang": "en", "value": "There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Integrity Check", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-06T01:10:51", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9118", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AIS-BW80H-00", "version": {"version_data": [{"version_value": "9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Integrity Check"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9118", "datePublished": "2021-02-06T01:10:51", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2021-02-06T01:10:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\\(h100sp3c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "CD80C36A-9578-4D4E-A7D4-6B6EF698A08B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\\(h100sp9c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "A67D0718-E24E-4B52-B6C5-407A4002B139", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\\(h100sp13c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "106C2263-2C07-481A-A902-0B639254E91E", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.1\\(h100sp18c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "7322BA99-72F2-44B4-90B8-CFFF1E96AC82", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\\(h100sp1c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "01A8C906-E443-45B3-97C0-6C7142873E3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\\(h100sp2c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "F713DA59-B422-4DB4-8048-B11BA9467527", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\\(h100sp5c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "C1762EF9-4282-4E44-BA91-6027FADFEE6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.2\\(h100sp8c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "1C6820C1-B9F9-49D6-80FE-B8BFA8658D12", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ais-bw80h-00_firmware:9.0.3.3\\(h100sp1c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "BD9772B9-C207-4EB5-A89C-BA198B758B9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ais-bw80h-00:-:*:*:*:*:*:*:*", "matchCriteriaId": "11FA0E49-5801-44FD-86F9-425FC1431BC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de comprobaci\u00f3n insuficiente de la integridad en el producto Sound X de Huawei. El sistema no comprueba suficientemente la integridad de determinados paquetes de software. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante cargar un paquete de software dise\u00f1ado en el dispositivo. Unas versiones de producto afectadas incluyen: AIS-BW80H-00 versiones 9.0.3.1 (H100SP13C00), 9.0.3.1 (H100SP18C00), 9.0.3.1 (H100SP3C00), 9.0.3.1 (H100SP9C00), 9.0.3.2 (H100SP1C00), 9.0.3.2 ( H100SP2C00), 9.0.3.2 (H100SP5C00), 9.0.3.2 (H100SP8C00), 9.0.3.3 (H100SP1C00)"}], "id": "CVE-2020-9118", "lastModified": "2021-02-10T18:21:55.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-06T02:15:12.477", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "nvd@nist.gov", "type": "Primary"}]}