Main Vulnerability Database SB2021011802

SB2021011802 - Improper validation of integrity check value in Huawei Myna

Published: January 18, 2021

Security Bulletin ID SB2021011802

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper validation of integrity check value (CVE-ID: CVE-2020-9210)

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to a module does not perform sufficient integrity check. An attacker with physical access can install malware and compromise normal service of the affected device.

Remediation

Install update from vendor's website.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210106-01-myna-en