Details of VAR-202010-1176

ID

VAR-202010-1176

CVE

CVE-2020-9112

TITLE

Taurus-AN00B Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-012567

DESCRIPTION

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. Taurus-AN00B Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 (5G) Taurus-AN00B is the official firmware of Huawei Mate 30 (5G)

Trust: 2.25

sources: NVD: CVE-2020-9112 // JVNDB: JVNDB-2020-012567 // CNVD: CNVD-2020-59054 // VULMON: CVE-2020-9112

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-59054

AFFECTED PRODUCTS

vendor:	huawei	model:	taurus-an00b	scope:	lt	version:	10.1.0.156\(c00e155r7p2\)	Trust: 1.0
vendor:	huawei	model:	taurus-an00b	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	taurus-an00b	scope:	lt	version:	taurus-an00b firmware 10.1.0.156(c00e155r7p2) less than	Trust: 0.8
vendor:	huawei	model:	mate 30 taurus-an00b	scope:	lt	version:	10.1.0.156	Trust: 0.6

sources: CNVD: CNVD-2020-59054 // JVNDB: JVNDB-2020-012567 // NVD: CVE-2020-9112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9112
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9112
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-59054
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-642
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-9112
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9112
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-59054
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9112
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9112
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-59054 // VULMON: CVE-2020-9112 // JVNDB: JVNDB-2020-012567 // CNNVD: CNNVD-202010-642 // NVD: CVE-2020-9112

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012567 // NVD: CVE-2020-9112

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-642

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-642

PATCH

title:	huawei-sa-20201014-01-privilege	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en	Trust: 0.8
title:	Patch for Huawei Taurus-AN00B Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/237793	Trust: 0.6

sources: CNVD: CNVD-2020-59054 // JVNDB: JVNDB-2020-012567

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9112	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012567	Trust: 0.8
db:	CNVD	id:	CNVD-2020-59054	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-642	Trust: 0.6
db:	VULMON	id:	CVE-2020-9112	Trust: 0.1

sources: CNVD: CNVD-2020-59054 // VULMON: CVE-2020-9112 // JVNDB: JVNDB-2020-012567 // CNNVD: CNNVD-202010-642 // NVD: CVE-2020-9112

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9112	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201014-01-privilege-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189832	Trust: 0.1

sources: CNVD: CNVD-2020-59054 // VULMON: CVE-2020-9112 // JVNDB: JVNDB-2020-012567 // CNNVD: CNNVD-202010-642 // NVD: CVE-2020-9112

SOURCES

db:	CNVD	id:	CNVD-2020-59054
db:	VULMON	id:	CVE-2020-9112
db:	JVNDB	id:	JVNDB-2020-012567
db:	CNNVD	id:	CNNVD-202010-642
db:	NVD	id:	CVE-2020-9112

LAST UPDATE DATE

2024-11-23T22:51:15.506000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-59054	date:	2020-10-28T00:00:00
db:	VULMON	id:	CVE-2020-9112	date:	2020-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-012567	date:	2021-05-13T03:07:00
db:	CNNVD	id:	CNNVD-202010-642	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-9112	date:	2024-11-21T05:40:03.870

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-59054	date:	2020-10-28T00:00:00
db:	VULMON	id:	CVE-2020-9112	date:	2020-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-012567	date:	2021-05-13T00:00:00
db:	CNNVD	id:	CNNVD-202010-642	date:	2020-10-14T00:00:00
db:	NVD	id:	CVE-2020-9112	date:	2020-10-19T20:15:13.213