ID
VAR-202009-1320
CVE
CVE-2020-9084
TITLE
Huawei Taurus-AL00B resource management error vulnerability (CNVD-2020-60319)
Trust: 0.6
DESCRIPTION
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Huawei Taurus-AL00B is a smart phone of China's Huawei (Huawei) company. Some Huawei phones have resource management errors. The vulnerability stems from use-after-free (UAF), which can be exploited by attackers to increase privileges and affect services
Trust: 1.44
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | huawei | model: | taurus-an00b | scope: | lt | version: | 10.1.0.156\(c00e155r7p2\) | Trust: 1.0 |
| vendor: | huawei | model: | taurus-al00b <10.1.0.156 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.0 |
THREAT TYPE
local
Trust: 0.6
TYPE
resource management error
Trust: 0.6
PATCH
| title: | Patch for Huawei Taurus-AL00B resource management error vulnerability (CNVD-2020-60319) | url: | https://www.cnvd.org.cn/patchInfo/show/238423 | Trust: 0.6 |
| title: | Huawei Taurus-AL00B Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128323 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-9084 | Trust: 2.2 |
| db: | CNVD | id: | CNVD-2020-60319 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202009-1015 | Trust: 0.6 |
REFERENCES
| url: | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-9084 | Trust: 1.2 |
| url: | https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200916-01-smartphone-cn | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2020-60319 |
| db: | CNNVD | id: | CNNVD-202009-1015 |
| db: | NVD | id: | CVE-2020-9084 |
LAST UPDATE DATE
2024-11-23T22:21:02.136000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-60319 | date: | 2020-11-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-202009-1015 | date: | 2021-08-16T00:00:00 |
| db: | NVD | id: | CVE-2020-9084 | date: | 2024-11-21T05:39:59.720 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-60319 | date: | 2020-11-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-202009-1015 | date: | 2020-09-16T00:00:00 |
| db: | NVD | id: | CVE-2020-9084 | date: | 2020-09-18T19:15:16.437 |