#VU47654 Input validation error


Published: 2020-10-15

Vulnerability identifier: #VU47654

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9092

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Huawei Mate 20
Client/Desktop applications / Multimedia software

Vendor: Huawei

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: All versions


CPE

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability