Details of VAR-202008-1054

ID

VAR-202008-1054

CVE

CVE-2020-9096

TITLE

HUAWEI P30 Pro Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009984

DESCRIPTION

HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service. Huawei P30 Pro is a smart phone of China's Huawei (Huawei) company

Trust: 2.16

sources: NVD: CVE-2020-9096 // JVNDB: JVNDB-2020-009984 // CNVD: CNVD-2020-48584

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-48584

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 pro	scope:	lt	version:	10.1.0.160\(c00e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	eq	version:	10.1.0.160(c00e160r2p8)	Trust: 0.8
vendor:	huawei	model:	p30 pro <10.1.0.160	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-48584 // JVNDB: JVNDB-2020-009984 // NVD: CVE-2020-9096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9096
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009984
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-48584
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202008-998
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9096
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009984
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-48584
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9096
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009984
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-48584 // JVNDB: JVNDB-2020-009984 // CNNVD: CNNVD-202008-998 // NVD: CVE-2020-9096

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-009984 // NVD: CVE-2020-9096

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-998

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-998

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009984

PATCH

title:	huawei-sa-20200819-02-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei P30 Pro buffer overflow vulnerability (CNVD-2020-48584)	url:	https://www.cnvd.org.cn/patchInfo/show/231868	Trust: 0.6
title:	Huawei P30 Pro Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126789	Trust: 0.6

sources: CNVD: CNVD-2020-48584 // JVNDB: JVNDB-2020-009984 // CNNVD: CNNVD-202008-998

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9096	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-009984	Trust: 0.8
db:	CNVD	id:	CNVD-2020-48584	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-998	Trust: 0.6

sources: CNVD: CNVD-2020-48584 // JVNDB: JVNDB-2020-009984 // CNNVD: CNNVD-202008-998 // NVD: CVE-2020-9096

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9096	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9096	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200819-02-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2020-48584 // JVNDB: JVNDB-2020-009984 // CNNVD: CNNVD-202008-998 // NVD: CVE-2020-9096

SOURCES

db:	CNVD	id:	CNVD-2020-48584
db:	JVNDB	id:	JVNDB-2020-009984
db:	CNNVD	id:	CNNVD-202008-998
db:	NVD	id:	CVE-2020-9096

LAST UPDATE DATE

2024-11-23T23:04:16.558000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-48584	date:	2020-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-009984	date:	2020-12-15T08:41:18
db:	CNNVD	id:	CNNVD-202008-998	date:	2020-08-27T00:00:00
db:	NVD	id:	CVE-2020-9096	date:	2024-11-21T05:40:00.993

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-48584	date:	2020-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-009984	date:	2020-12-15T08:41:18
db:	CNNVD	id:	CNNVD-202008-998	date:	2020-08-19T00:00:00
db:	NVD	id:	CVE-2020-9096	date:	2020-08-21T14:15:11.277