Resource management error in Huawei eUDC660

Published: 2021-02-03

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-9206
CWE-ID	CWE-399
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	eUDC660 Hardware solutions / Firmware
Vendor	Huawei

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU50287

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-9206

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to improper management of internal resources within the application. A local administrator can pass specially crafted data to the application, obtain the key file and decrypt data, affecting confidentiality, integrity, and availability of the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eUDC660: V100R005C00

CPE2.3

cpe:2.3:h:huawei:eudc660:V100R005C00:*:*:*:*:*:*:*

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-resourcemanagement-en

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.