CVE-2020-9227 - OpenCVE

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Moana-al00b Moana-al00b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:moana-al00b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:moana-al00b:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-07-17T22:30:01

Updated: 2024-08-04T10:19:20.067Z

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9227

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-17T23:15:11.473

Modified: 2020-07-22T20:09:55.140

Link: CVE-2020-9227

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Moana-AL00B", "vendor": "Huawei", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.166"}]}], "descriptions": [{"lang": "en", "value": "Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions."}], "problemTypes": [{"descriptions": [{"description": "Missing Initialization of Resource", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-17T22:30:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9227", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Moana-AL00B", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.166"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing Initialization of Resource"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:20.067Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9227", "datePublished": "2020-07-17T22:30:01", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-08-04T10:19:20.067Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:moana-al00b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "063AC9F6-151C-4514-8B65-87CAE8A15F9D", "versionEndExcluding": "10.1.0.166", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:moana-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "4ED502BE-8765-47F4-BF72-C3973DBB7135", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes Huawei Moana-AL00B con versiones anteriores a 10.1.0.166, presentan una vulnerabilidad de falta inicializaci\u00f3n de recursos. Un atacante enga\u00f1a a un usuario para que instale y luego ejecute una aplicaci\u00f3n dise\u00f1ada. Debido a una inicializaci\u00f3n inapropiada de par\u00e1metros espec\u00edficos, una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar excepciones del dispositivo"}], "id": "CVE-2020-9227", "lastModified": "2020-07-22T20:09:55.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-17T23:15:11.473", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-09-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-909"}], "source": "nvd@nist.gov", "type": "Primary"}]}