CVE-2020-9239

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab

Teléfonos inteligentes Huawei BLA-A09 versiones 8.0.0.123(C212), versiones anteriores a 8.0.0.123(C567), versiones anteriores a 8.0.0.123(C797); BLA-TL00B versiones anteriores a 8.1.0.326(C01); Berkeley-L09 versiones anteriores a 8.0.0.163(C10), versiones anteriores a 8.0.0.163(C432), versiones anteriores a 8.0.0.163(C636), versiones anteriores a 8.0.0.172(C10); Duke-L09 versiones Duke-L09C10B187, versiones Duke- L09C432B189, versiones Duke-L09C636B189; HUAWEI P20 versiones anteriores a 8.0.1.16(C00); HUAWEI P20 Pro versiones anteriores a 8.1.0.152(C00); Jimmy-AL00A versiones anteriores a Jimmy-AL00AC00B172; LON-L29D versiones LON-L29DC721B192; NEO-AL00D versiones anteriores a 8.1.0.172(C786); Stanford-AL00 versiones Stanford-AL00C00B123; Toronto-AL00 versiones anteriores a Toronto-AL00AC00B225; Toronto-AL00A versiones anteriores a Toronto-AL00AC00B225; Toronto-TL10 versiones anteriores a Toronto-TL10C01B225, presentan una vulnerabilidad de información. Un módulo presenta un error de diseño que es la falta de control de entrada. Unos atacantes pueden explotar esta vulnerabilidad

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-02-18 CVE Reserved
2020-09-11 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200909-04-smartphone-en	2021-07-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"	Bla-a09 Firmware Search vendor "Huawei" for product "Bla-a09 Firmware"	8.0.0.123\(c212\) Search vendor "Huawei" for product "Bla-a09 Firmware" and version "8.0.0.123\(c212\)"	-	Affected	in	Huawei Search vendor "Huawei"	Bla-a09 Search vendor "Huawei" for product "Bla-a09"	-	-	Safe
Huawei Search vendor "Huawei"	Bla-a09 Firmware Search vendor "Huawei" for product "Bla-a09 Firmware"	< 8.0.0.123\(c567\) Search vendor "Huawei" for product "Bla-a09 Firmware" and version " < 8.0.0.123\(c567\)"	-	Affected	in	Huawei Search vendor "Huawei"	Bla-a09 Search vendor "Huawei" for product "Bla-a09"	-	-	Safe
Huawei Search vendor "Huawei"	Bla-a09 Firmware Search vendor "Huawei" for product "Bla-a09 Firmware"	< 8.0.0.123\(c797\) Search vendor "Huawei" for product "Bla-a09 Firmware" and version " < 8.0.0.123\(c797\)"	-	Affected	in	Huawei Search vendor "Huawei"	Bla-a09 Search vendor "Huawei" for product "Bla-a09"	-	-	Safe
Huawei Search vendor "Huawei"	Bla-tl00b Firmware Search vendor "Huawei" for product "Bla-tl00b Firmware"	< 8.1.0.326\(c01\) Search vendor "Huawei" for product "Bla-tl00b Firmware" and version " < 8.1.0.326\(c01\)"	-	Affected	in	Huawei Search vendor "Huawei"	Bla-tl00b Search vendor "Huawei" for product "Bla-tl00b"	-	-	Safe
Huawei Search vendor "Huawei"	Berkeley-l09 Firmware Search vendor "Huawei" for product "Berkeley-l09 Firmware"	< 8.0.0.163\(c10\) Search vendor "Huawei" for product "Berkeley-l09 Firmware" and version " < 8.0.0.163\(c10\)"	-	Affected	in	Huawei Search vendor "Huawei"	Berkeley-l09 Search vendor "Huawei" for product "Berkeley-l09"	-	-	Safe
Huawei Search vendor "Huawei"	Berkeley-l09 Firmware Search vendor "Huawei" for product "Berkeley-l09 Firmware"	<= 8.0.0.163\(c432\) Search vendor "Huawei" for product "Berkeley-l09 Firmware" and version " <= 8.0.0.163\(c432\)"	-	Affected	in	Huawei Search vendor "Huawei"	Berkeley-l09 Search vendor "Huawei" for product "Berkeley-l09"	-	-	Safe
Huawei Search vendor "Huawei"	Berkeley-l09 Firmware Search vendor "Huawei" for product "Berkeley-l09 Firmware"	< 8.0.0.163\(c636\) Search vendor "Huawei" for product "Berkeley-l09 Firmware" and version " < 8.0.0.163\(c636\)"	-	Affected	in	Huawei Search vendor "Huawei"	Berkeley-l09 Search vendor "Huawei" for product "Berkeley-l09"	-	-	Safe
Huawei Search vendor "Huawei"	Berkeley-l09 Firmware Search vendor "Huawei" for product "Berkeley-l09 Firmware"	< 8.0.0.172\(c10\) Search vendor "Huawei" for product "Berkeley-l09 Firmware" and version " < 8.0.0.172\(c10\)"	-	Affected	in	Huawei Search vendor "Huawei"	Berkeley-l09 Search vendor "Huawei" for product "Berkeley-l09"	-	-	Safe
Huawei Search vendor "Huawei"	Duke-l09 Firmware Search vendor "Huawei" for product "Duke-l09 Firmware"	duke-l09c10b187 Search vendor "Huawei" for product "Duke-l09 Firmware" and version "duke-l09c10b187"	-	Affected	in	Huawei Search vendor "Huawei"	Duke-l09 Search vendor "Huawei" for product "Duke-l09"	-	-	Safe
Huawei Search vendor "Huawei"	Duke-l09 Firmware Search vendor "Huawei" for product "Duke-l09 Firmware"	duke-l09c432b189 Search vendor "Huawei" for product "Duke-l09 Firmware" and version "duke-l09c432b189"	-	Affected	in	Huawei Search vendor "Huawei"	Duke-l09 Search vendor "Huawei" for product "Duke-l09"	-	-	Safe
Huawei Search vendor "Huawei"	Duke-l09 Firmware Search vendor "Huawei" for product "Duke-l09 Firmware"	duke-l09c636b189 Search vendor "Huawei" for product "Duke-l09 Firmware" and version "duke-l09c636b189"	-	Affected	in	Huawei Search vendor "Huawei"	Duke-l09 Search vendor "Huawei" for product "Duke-l09"	-	-	Safe
Huawei Search vendor "Huawei"	P20 Firmware Search vendor "Huawei" for product "P20 Firmware"	< 8.0.1.16\(c00\) Search vendor "Huawei" for product "P20 Firmware" and version " < 8.0.1.16\(c00\)"	-	Affected	in	Huawei Search vendor "Huawei"	P20 Search vendor "Huawei" for product "P20"	-	-	Safe
Huawei Search vendor "Huawei"	P20 Pro Firmware Search vendor "Huawei" for product "P20 Pro Firmware"	< 8.1.0.152\(c00\) Search vendor "Huawei" for product "P20 Pro Firmware" and version " < 8.1.0.152\(c00\)"	-	Affected	in	Huawei Search vendor "Huawei"	P20 Pro Search vendor "Huawei" for product "P20 Pro"	-	-	Safe
Huawei Search vendor "Huawei"	Jimmy-al00a Firmware Search vendor "Huawei" for product "Jimmy-al00a Firmware"	< jimmy-al00ac00b172 Search vendor "Huawei" for product "Jimmy-al00a Firmware" and version " < jimmy-al00ac00b172"	-	Affected	in	Huawei Search vendor "Huawei"	Jimmy-al00a Search vendor "Huawei" for product "Jimmy-al00a"	-	-	Safe
Huawei Search vendor "Huawei"	Lon-l29d Firmware Search vendor "Huawei" for product "Lon-l29d Firmware"	lon-l29dc721b192 Search vendor "Huawei" for product "Lon-l29d Firmware" and version "lon-l29dc721b192"	-	Affected	in	Huawei Search vendor "Huawei"	Lon-l29d Search vendor "Huawei" for product "Lon-l29d"	-	-	Safe
Huawei Search vendor "Huawei"	Neo-al00d Firmware Search vendor "Huawei" for product "Neo-al00d Firmware"	< 8.1.0.172\(c786\) Search vendor "Huawei" for product "Neo-al00d Firmware" and version " < 8.1.0.172\(c786\)"	-	Affected	in	Huawei Search vendor "Huawei"	Neo-al00d Search vendor "Huawei" for product "Neo-al00d"	-	-	Safe
Huawei Search vendor "Huawei"	Stanford-al00 Firmware Search vendor "Huawei" for product "Stanford-al00 Firmware"	stanford-al00c00b123 Search vendor "Huawei" for product "Stanford-al00 Firmware" and version "stanford-al00c00b123"	-	Affected	in	Huawei Search vendor "Huawei"	Stanford-al00 Search vendor "Huawei" for product "Stanford-al00"	-	-	Safe
Huawei Search vendor "Huawei"	Toronto-al00 Firmware Search vendor "Huawei" for product "Toronto-al00 Firmware"	< toronto-al00ac00b225 Search vendor "Huawei" for product "Toronto-al00 Firmware" and version " < toronto-al00ac00b225"	-	Affected	in	Huawei Search vendor "Huawei"	Toronto-al00 Search vendor "Huawei" for product "Toronto-al00"	-	-	Safe
Huawei Search vendor "Huawei"	Toronto-al00a Firmware Search vendor "Huawei" for product "Toronto-al00a Firmware"	< toronto-al00ac00b225 Search vendor "Huawei" for product "Toronto-al00a Firmware" and version " < toronto-al00ac00b225"	-	Affected	in	Huawei Search vendor "Huawei"	Toronto-al00a Search vendor "Huawei" for product "Toronto-al00a"	-	-	Safe
Huawei Search vendor "Huawei"	Toronto-tl10 Firmware Search vendor "Huawei" for product "Toronto-tl10 Firmware"	< toronto-tl10c01b225 Search vendor "Huawei" for product "Toronto-tl10 Firmware" and version " < toronto-tl10c01b225"	-	Affected	in	Huawei Search vendor "Huawei"	Toronto-tl10 Search vendor "Huawei" for product "Toronto-tl10"	-	-	Safe