CVE-2020-9252

2.3LOW

Key Information:

Vendor: Huawei
Status: Huawei Mate 20; Huawei Mate 20 X; Huawei Mate 20 Rs; Honor Magic2
Vendor: CVE Published:; 17 July 2020

Summary

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.

Affected Version(s)

Honor Magic2 Versions earlier than 10.1.0.160(C00E160R2P11)

HUAWEI Mate 20 Versions earlier than 10.1.0.160(C00E160R3P8)

HUAWEI Mate 20 RS Versions earlier than 10.1.0.160(C786E160R3P8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2020
Vulnerability Reserved
Feb 18, 2020