Buffer overflow in Huawei products - CVE-2020-9247
Published: September 23, 2020
Vulnerability identifier: #VU46993
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9247
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei Honor 20 PRO
Huawei Mate 20
Huawei Mate 20 Pro
Huawei Mate 20 X
Huawei P30
Huawei P30 Pro
Hima-L29C
Laya-AL00EP
Princeton-AL10B
Huawei Tony-AL00B
Yale-L61A
Yale-TL00B
YaleP-AL10B
Huawei Honor 20 PRO
Huawei Mate 20
Huawei Mate 20 Pro
Huawei Mate 20 X
Huawei P30
Huawei P30 Pro
Hima-L29C
Laya-AL00EP
Princeton-AL10B
Huawei Tony-AL00B
Yale-L61A
Yale-TL00B
YaleP-AL10B
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local administrator can trick a victim to install a malicious application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.