CVE-2020-9247

7.8HIGH

Key Information:

Vendor: Huawei
Status: Honor 20 Pro; Huawei Mate 20; Huawei Mate 20 Pro; Huawei Mate 20 X
Vendor: CVE Published:; 7 December 2020

Summary

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Affected Version(s)

Hima-L29C < 10.1.0.273(C185E5R2P4)

Hima-L29C < 10.1.0.273(C636E5R2P4)

Hima-L29C < 10.1.0.275(C10E4R2P4)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2020
Vulnerability Reserved
Feb 18, 2020