DLL Hijacking Flaw in HiSuite by Huawei
CVE-2020-9100

7.8HIGH

Key Information:

Vendor: Huawei
Status: Hisuite
Vendor: CVE Published:; 6 July 2020

What is CVE-2020-9100?

A vulnerability in HiSuite, a software application by Huawei, allows an attacker to exploit the improper loading of DLL files. Versions prior to 10.1.0.500 are susceptible to this flaw, leading to the potential execution of arbitrary code by an external actor. This risk emphasizes the importance of application updates and security best practices to mitigate such threats.

Affected Version(s)

HiSuite Earlier than HiSuite 10.1.0.500

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2020
Vulnerability Reserved
Feb 18, 2020