SB2020090304 - Multiple vulnerabilities in Huawei Mate 20

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020090304

SB2020090304 - Multiple vulnerabilities in Huawei Mate 20

Published: September 3, 2020 Updated: October 15, 2020

Security Bulletin ID SB2020090304
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Physical access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2020-9083)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can enter a large amount of text on the phone and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2020-9092)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.


Remediation

Install update from vendor's website.

References