CVE-2020-9235

EUVD-2020-30064

03.09.2020, 19:15

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
huawei	honor_20_pro_firmware	𝑥 < 10.1.0.230\(c432e9r5p1\)
huawei	honor_20_pro_firmware	𝑥 < 10.1.0.231\(c10e3r3p2\)
huawei	honor_20_pro_firmware	𝑥 < 10.1.0.231\(c185e3r5p1\)
huawei	honor_20_pro_firmware	𝑥 < 10.1.0.231\(c636e3r3p1\)
huawei	honor_view_20_firmware	𝑥 < 10.1.0.212\(c432e10r3p4\)
huawei	honor_view_20_firmware	𝑥 < 10.1.0.213\(c636e3r4p3\)
huawei	honor_view_20_firmware	𝑥 < 10.1.0.214\(c10e5r4p3\)
huawei	honor_view_20_firmware	𝑥 < 10.1.0.214\(c185e3r3p3\)
huawei	oxfords-an00a_firmware	𝑥 < 10.1.0.212\(c00e210r5p1\)
huawei	princeton-al10b_firmware	𝑥 < 10.1.0.160\(c00e160r2p11\)
huawei	princeton-al10d_firmware	𝑥 < 10.1.0.160\(c00e160r2p11\)
huawei	princeton-tl10c_firmware	𝑥 < 10.1.0.160\(c01e160r2p11\)
huawei	tony-al00b_firmware	𝑥 < 10.1.0.160\(c00e160r2p11\)
huawei	yale-al00a_firmware	𝑥 < 10.1.0.160\(c00e160r8p12\)
huawei	yale-l21a_firmware	𝑥 < 10.1.0.230\(c432e9r5p1\)
huawei	yale-l21a_firmware	𝑥 < 10.1.0.231\(c10e3r3p2\)
huawei	yale-l21a_firmware	𝑥 < 10.1.0.231\(c636e3r3p1\)
huawei	yale-l61a_firmware	𝑥 < 10.1.0.225\(c431e3r1p2\)
huawei	yale-l61a_firmware	𝑥 < 10.1.0.225\(c432e3r1p2\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en