CVE-2020-9247

EUVD-2020-30076

07.12.2020, 13:15

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Affected Products (NVD)

Vendor	Product	Version
huawei	honor_20_pro_firmware	𝑥 < 10.1.0.230\(c432e9r5p1\)
huawei	mate_20_firmware	𝑥 < 10.1.0.160\(c00e160r3p8\)
huawei	mate_20_pro_firmware	𝑥 < 10.1.0.270\(c432e7r1p5\)
huawei	mate_20_x_firmware	𝑥 < 10.1.0.160\(c00e160r2p8\)
huawei	p30_firmware	9.1.0.272\(c635e4r2p2\)
huawei	p30_pro_firmware	𝑥 < 10.1.0.160\(c00e160r2p8\)
huawei	hima-l29c_firmware	𝑥 < 10.1.0.273\(c185e5r2p4\)
huawei	laya-al00ep_firmware	𝑥 < 10.1.0.160\(c786e160r3p8\)
huawei	princeton-al10b_firmware	𝑥 < 10.1.0.160\(c00e160r2p11\)
huawei	tony-al00b_firmware	𝑥 < 10.1.0.160\(c00e160r2p11\)
huawei	yale-l61a_firmware	𝑥 < 10.1.0.225\(c432e3r1p2\)
huawei	yale-tl00b_firmware	𝑥 < 10.1.0.160\(c01e160r8p12\)
huawei	yalep-al10b_firmware	𝑥 < 10.1.0.160\(c00e160r8p12\)
huawei	honor_20_pro_firmware	𝑥 < 10.1.0.231\(c10e3r3p2\)
huawei	mate_20_pro_firmware	𝑥 < 10.1.0.270\(c635e3r1p5\)
huawei	mate_20_pro_firmware	𝑥 < 10.1.0.273\(c185e7r2p4\)
huawei	mate_20_pro_firmware	𝑥 < 10.1.0.273\(c636e7r2p4\)
huawei	mate_20_pro_firmware	𝑥 < 10.1.0.277\(c10e7r2p4\)
huawei	mate_20_pro_firmware	𝑥 < 10.1.0.277\(c605e7r1p5\)
huawei	p30_firmware	𝑥 < 10.1.0.123\(c432e22r2p5\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c10e7r5p1\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c185e4r7p1\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c605e19r1p3\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c636e5r3p4\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c636e7r3p4\)
huawei	hima-l29c_firmware	𝑥 < 10.1.0.273\(c636e5r2p4\)
huawei	hima-l29c_firmware	𝑥 < 10.1.0.275\(c10e4r2p4\)
huawei	yale-l61a_firmware	𝑥 < 10.1.0.226\(c10e3r1p1\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en