cnvd - cnvd-2021-05397

cnvd-2021-05397

Vulnerability from cnvd

Title: Huawei Mate 30缓冲区溢出漏洞（CNVD-2021-05397）

Description:

Huawei Mate 30是中国华为（Huawei）公司的一款智能手机。

Huawei Mate 30存在缓冲区溢出漏洞，攻击者可利用该漏洞通过向目标设备发送带有特定参数的精心制作的包来利用这个漏洞。由于对参数的验证不足，成功的攻击可能会导致设备行为异常。

Severity: 中

Patch Name: Huawei Mate 30缓冲区溢出漏洞（CNVD-2021-05397）的补丁

Patch Description:

Huawei Mate 30是中国华为（Huawei）公司的一款智能手机。

Huawei Mate 30存在缓冲区溢出漏洞，攻击者可利用该漏洞通过向目标设备发送带有特定参数的精心制作的包来利用这个漏洞。由于对参数的验证不足，成功的攻击可能会导致设备行为异常。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-9209

Impacted products

Name
Huawei HUAWEI Mate 30

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9209",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9209"
    }
  },
  "description": "Huawei Mate 30\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\nHuawei Mate 30\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u5e26\u6709\u7279\u5b9a\u53c2\u6570\u7684\u7cbe\u5fc3\u5236\u4f5c\u7684\u5305\u6765\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u3002\u7531\u4e8e\u5bf9\u53c2\u6570\u7684\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u6210\u529f\u7684\u653b\u51fb\u53ef\u80fd\u4f1a\u5bfc\u81f4\u8bbe\u5907\u884c\u4e3a\u5f02\u5e38\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-05397",
  "openTime": "2021-01-22",
  "patchDescription": "Huawei Mate 30\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Mate 30\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u5e26\u6709\u7279\u5b9a\u53c2\u6570\u7684\u7cbe\u5fc3\u5236\u4f5c\u7684\u5305\u6765\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u3002\u7531\u4e8e\u5bf9\u53c2\u6570\u7684\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u6210\u529f\u7684\u653b\u51fb\u53ef\u80fd\u4f1a\u5bfc\u81f4\u8bbe\u5907\u884c\u4e3a\u5f02\u5e38\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Mate 30\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-05397\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei HUAWEI Mate 30"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9209",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-08",
  "title": "Huawei Mate 30\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-05397\uff09"
}

CVE-2020-9209 (GCVE-0-2020-9209)

Vulnerability from cvelistv5

Published

2021-01-13 22:04

Modified

2024-08-04 10:19

Severity ?

CWE

Privilege Escalation

Summary

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

References

▼	URL	Tags
	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	SMC2.0	Version: V600R006C00SPC700,V600R006C00SPC800,V600R006C10SPC500,V600R006C10SPC600,V600R006C10SPC601,V600R006C10SPC602,V600R006C10SPC700,V600R006C10SPC800,V600R006C10SPCa00,V600R006C10SPCb00,V600R006C10SPCc00,V600R006C10SPCd00,V600R006C10SPCe00,V600R019C00,V600R019C10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:19:20.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SMC2.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V600R006C00SPC700,V600R006C00SPC800,V600R006C10SPC500,V600R006C10SPC600,V600R006C10SPC601,V600R006C10SPC602,V600R006C10SPC700,V600R006C10SPC800,V600R006C10SPCa00,V600R006C10SPCb00,V600R006C10SPCc00,V600R006C10SPCd00,V600R006C10SPCe00,V600R019C00,V600R019C10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-13T22:04:37",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-9209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SMC2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V600R006C00SPC700,V600R006C00SPC800,V600R006C10SPC500,V600R006C10SPC600,V600R006C10SPC601,V600R006C10SPC602,V600R006C10SPC700,V600R006C10SPC800,V600R006C10SPCa00,V600R006C10SPCb00,V600R006C10SPCc00,V600R006C10SPCd00,V600R006C10SPCe00,V600R019C00,V600R019C10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-9209",
    "datePublished": "2021-01-13T22:04:37",
    "dateReserved": "2020-02-18T00:00:00",
    "dateUpdated": "2024-08-04T10:19:20.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted