CVE-2020-9247 - OpenCVE

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P30 Pro Firmware Yalep-al10b Yale-tl00b Mate 20 Pro Firmware Honor 20 Pro Firmware Princeton-al10b Mate 20 Pro Laya-al00ep Mate 20 X Firmware Yale-l61a Firmware Yalep-al10b Firmware Mate 20 Mate 20 X Princeton-al10b Firmware Yale-l61a Tony-al00b P30 Pro Hima-l29c Firmware Hima-l29c P30 Tony-al00b Firmware Mate 20 Firmware Honor 20 Pro Laya-al00ep Firmware Yale-tl00b Firmware P30 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:p30_firmware:9.1.0.272\(c635e4r2p2\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:huawei:laya-al00ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:laya-al00ep:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:huawei:princeton-al10b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:princeton-al10b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yale-l61a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:huawei:yale-tl00b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yale-tl00b:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yale-l61a:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-12-07T12:49:00

Updated: 2020-12-07T12:49:00

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9247

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-07T13:15:11.123

Modified: 2020-12-08T16:27:30.147

Link: CVE-2020-9247

JSON object: View

Redhat Information

No data.

CWE

CWE-120