Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-9235 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Huawei Honor 20 PRO Client/Desktop applications / Multimedia software Honor V20 Client/Desktop applications / Multimedia software OxfordS-AN00A Hardware solutions / Firmware Princeton-AL10B Hardware solutions / Firmware Princeton-AL10D Hardware solutions / Firmware Princeton-TL10C Hardware solutions / Firmware Huawei Tony-AL00B Hardware solutions / Firmware Yale-AL00A Hardware solutions / Firmware Yale-L21A Hardware solutions / Firmware Yale-L61A Hardware solutions / Firmware |
Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU46243
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9235
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the module has a design error that is lack of control of input. A local attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Honor 20 PRO: before 10.1.0.231(C636E3R3P1)
Honor V20: before 10.1.0.214(C185E3R3P3)
OxfordS-AN00A: before 10.1.0.212(C00E210R5P1)
Princeton-AL10B: before 10.1.0.160
Princeton-AL10D: before 10.1.0.160
Princeton-TL10C: before 10.1.0.160
Huawei Tony-AL00B: before 10.1.0.160
Yale-AL00A: before 10.1.0.160
Yale-L21A: before 10.1.0.231(C636E3R3P1)
Yale-L61A: before 10.1.0.225(C432E3R1P2)
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.