CVE-2020-9125

Опубликовано: 29 дек. 2020

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*

Версия до 10.1.0.156\(c00e155r7p2\) (исключая)

cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-v6vx-mcc3-f8vr

github

больше 3 лет назад