Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-9083 CVE-2020-9092 |
CWE-ID | CWE-20 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Huawei Mate 20 Client/Desktop applications / Multimedia software |
Vendor | Huawei |
This security bulletin contains information about 2 vulnerabilities.
Updated 15.10.2020
Added vulnerabilty #2
EUVDB-ID: #VU46242
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-9083
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can enter a large amount of text on the phone and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Mate 20: before 10.1.0.163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-03-smartphone-en
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU47654
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-9092
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Mate 20: before 10.1.0.163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?