There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Huawei
  • Hima-l29c
  • Hima-l29c Firmware
  • Honor 20 Pro
  • Honor 20 Pro Firmware
  • Laya-al00ep
  • Laya-al00ep Firmware
  • Mate 20
  • Mate 20 Firmware
  • Mate 20 Pro
  • Mate 20 Pro Firmware
  • Mate 20 X
  • Mate 20 X Firmware
  • P30
  • P30 Firmware
  • P30 Pro
  • P30 Pro Firmware
  • Princeton-al10b
  • Princeton-al10b Firmware
  • Tony-al00b
  • Tony-al00b Firmware
  • Yale-l61a
  • Yale-l61a Firmware
  • Yale-tl00b
  • Yale-tl00b Firmware
  • Yalep-al10b
  • Yalep-al10b Firmware

Configuration 1 [-]

AND
cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:p30_firmware:9.1.0.272\(c635e4r2p2\):*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:huawei:laya-al00ep:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:laya-al00ep_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:huawei:princeton-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:princeton-al10b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-l61a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:huawei:yale-tl00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-tl00b:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-l61a:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-12-07T12:49:00

Updated: 2024-08-04T10:19:20.138Z

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9247

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-12-07T13:15:11.123

Modified: 2020-12-08T16:27:30.147

Link: CVE-2020-9247

cve-icon Redhat

No data.