CVE-2020-9227 - OpenCVE

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Moana-al00b Moana-al00b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:moana-al00b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:moana-al00b:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-07-17T22:30:01

Updated: 2020-07-17T22:30:01

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9227

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-17T23:15:11.473

Modified: 2020-07-22T20:09:55.140

Link: CVE-2020-9227

JSON object: View

Redhat Information

No data.

CWE

CWE-909

{"containers": {"cna": {"affected": [{"product": "Moana-AL00B", "vendor": "Huawei", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.166"}]}], "descriptions": [{"lang": "en", "value": "Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions."}], "problemTypes": [{"descriptions": [{"description": "Missing Initialization of Resource", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-17T22:30:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9227", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Moana-AL00B", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.166"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing Initialization of Resource"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9227", "datePublished": "2020-07-17T22:30:01", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2020-07-17T22:30:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:moana-al00b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "063AC9F6-151C-4514-8B65-87CAE8A15F9D", "versionEndExcluding": "10.1.0.166", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:moana-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "4ED502BE-8765-47F4-BF72-C3973DBB7135", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes Huawei Moana-AL00B con versiones anteriores a 10.1.0.166, presentan una vulnerabilidad de falta inicializaci\u00f3n de recursos. Un atacante enga\u00f1a a un usuario para que instale y luego ejecute una aplicaci\u00f3n dise\u00f1ada. Debido a una inicializaci\u00f3n inapropiada de par\u00e1metros espec\u00edficos, una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar excepciones del dispositivo"}], "id": "CVE-2020-9227", "lastModified": "2020-07-22T20:09:55.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-17T23:15:11.473", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-909"}], "source": "nvd@nist.gov", "type": "Primary"}]}