Remote code execution in Several Huawei Smartphones



Published: 2020-05-14 | Updated: 2023-09-13
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-0022
CWE-ID CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Huawei P30 Pro
Client/Desktop applications / Multimedia software

Huawei P30
Client/Desktop applications / Multimedia software

Huawei nova 3e
Client/Desktop applications / Multimedia software

Huawei Mate 20 Pro
Client/Desktop applications / Multimedia software

Huawei P20 Pro
Client/Desktop applications / Multimedia software

Huawei P20
Client/Desktop applications / Multimedia software

Huawei Mate 20 X
Client/Desktop applications / Multimedia software

Huawei Mate 20
Client/Desktop applications / Multimedia software

Vendor Huawei

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU25357

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0022

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "reassemble_and_dispatch" of "packet_fragmenter.cc". A remote attacker can trigger out-of-bounds write and execute arbitrary code over Bluetooth on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei P30 Pro: before 10.0.0.195

Huawei P30: before 10.0.0.195

Huawei nova 3e: before 9.1.0.338

Huawei Mate 20 Pro: before 10.0.0.198

Huawei P20 Pro: before 10.0.0.162

Huawei P20: before 10.0.0.162

Huawei Mate 20 X : before 10.0.0.195

Huawei Mate 20: before 10.0.0.195

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###