Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2020-9108 CVE-2020-9109 CVE-2020-9107 |
CWE-ID | CWE-125 CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Huawei P30 Pro (Client/Desktop applications / Multimedia software); Huawei Mate 20 (Client/Desktop applications / Multimedia software); Huawei Mate 20 X (Client/Desktop applications / Multimedia software); Laya-AL00EP (Hardware solutions / Firmware); Huawei Tony-AL00B (Hardware solutions / Firmware); Huawei Tony-TL00B (Hardware solutions / Firmware) |
Vendor | Huawei |
This security bulletin contains information about 3 vulnerabilities.
Updated 12.10.2020
Added vulnerability #3
EUVDB-ID: #VU47194
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-9108
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A local attacker can send a specially crafted message, trigger an out-of-bounds read error and cause the process to reboot.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei P30 Pro: before 10.1.0.160
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-outofbound-en
EUVDB-ID: #VU47196
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-9109
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the affected device does not sufficiently validate the identity of a smart wearable device. A local administrator can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei Mate 20: before 10.1.0.160
Huawei Mate 20 X: before 10.1.0.160
Huawei P30 Pro: before 10.1.0.160
Laya-AL00EP: before 10.1.0.160(C786E160R3P8)
Huawei Tony-AL00B: before 10.1.0.160
Huawei Tony-TL00B: before 10.1.0.160
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en
EUVDB-ID: #VU47502
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-9107
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A local attacker can send a specially crafted message, trigger an out-of-bounds read error and cause the process to reboot.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei P30 Pro: before 10.1.0.160
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-readwriteoutbound-en