CVE-2020-9084 - Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability

CVE-2020-9084

Summary

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en

Vulnerable Configurations

cpe:2.3:o:huawei:taurus-an00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:taurus-an00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:taurus-an00b:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:taurus-an00b:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 29-09-2020 - 16:02)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en

Last major update

29-09-2020 - 16:02

Published

18-09-2020 - 19:15

Last modified

29-09-2020 - 16:02