Multiple vulnerabilities in Huawei Mate 20



Published: 2020-09-03 | Updated: 2020-10-15
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-9083
CVE-2020-9092
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Huawei Mate 20
Client/Desktop applications / Multimedia software

Vendor Huawei

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated 15.10.2020
Added vulnerabilty #2

1) Input validation error

EUVDB-ID: #VU46242

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9083

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can enter a large amount of text on the phone and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: before 10.1.0.163


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-03-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Input validation error

EUVDB-ID: #VU47654

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9092

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: before 10.1.0.163


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###