Insufficient Input Validation in Huawei Taurus-AN00B Products
CVE-2020-9105

6.7MEDIUM

Key Information:

Vendor: Huawei
Status: Taurus-an00b
Vendor: CVE Published:; 9 October 2020

Summary

Huawei Taurus-AN00B devices prior to version 10.1.0.156(C00E155R7P2) are susceptible to an insufficient input validation flaw. This vulnerability allows an attacker to manipulate the device's memory through a series of operations due to the faulty input validation logic. Exploitation of this flaw can lead to service interruptions and compromise the integrity of the device.

Affected Version(s)

Taurus-AN00B Versions earlier than 10.1.0.156(C00E155R7P2)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2020
Vulnerability Reserved
Feb 18, 2020