SB20200716105 - Multiple vulnerabilities in Huawei Smartphones

Description

This security bulletin contains information about 3 vulnerabilities.

1) Path traversal (CVE-ID: CVE-2020-9252)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local administrator can send a specially crafted HTTP request and write files to a crafted path.

2) Improper Authorization (CVE-ID: CVE-2020-9251)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain operation in certain scenario. An attacker with physical access to the device can do certain configuration before the user turns on student mode function and bypass the limit of student mode function.

3) Information disclosure (CVE-ID: CVE-2020-9082)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the system has a logic judging error under certain scenario. An attacker with physical access can gain certain information from certain apps locked by Applock

Remediation

Install update from vendor's website.

References

• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en
• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200722-02-smartphone-en
• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-16-smartphone-en