CVE-2020-9125 - OpenCVE

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Mate 30 Firmware Mate 30

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-12-29T17:22:09

Updated: 2020-12-29T17:22:09

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9125

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-29T18:15:13.290

Modified: 2020-12-31T15:16:32.607

Link: CVE-2020-9125

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "HUAWEI Mate 30", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.156(C00E155R7P2)"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally."}], "problemTypes": [{"descriptions": [{"description": "Out Of Bound Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-29T17:22:09", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI Mate 30", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out Of Bound Read"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9125", "datePublished": "2020-12-29T17:22:09", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2020-12-29T17:22:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DCF1F42-FD26-4B31-94F4-D1BCF27D826E", "versionEndExcluding": "10.1.0.156\\(c00e155r7p2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*", "matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmite en el tel\u00e9fono inteligente Huawei Mate 30 versiones anteriores a 10.1.0.156(C00E155R7P2). Un atacante con permiso espec\u00edfico puede explotar esta vulnerabilidad mediante el env\u00edo de un paquete dise\u00f1ado con un par\u00e1metro espec\u00edfico hacia el dispositivo objetivo. Debido a una comprobaci\u00f3n insuficiente del par\u00e1metro, una explotaci\u00f3n con \u00e9xito puede causar que el dispositivo se comporte anormalmente"}], "id": "CVE-2020-9125", "lastModified": "2020-12-31T15:16:32.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-29T18:15:13.290", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}