fkie_nvd - fkie_cve-2020-9140

fkie_cve-2020-9140

Vulnerability from fkie_nvd

Published

2021-01-13 22:15

Modified

2024-11-21 05:40

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.

References

▼	URL	Tags
	psirt@huawei.com	https://consumer.huawei.com/en/support/bulletin/2020/12/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://consumer.huawei.com/en/support/bulletin/2020/12/	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	emui	9.1.0
huawei	emui	9.1.1
huawei	emui	10.0.0
huawei	emui	10.1.0
huawei	emui	10.1.1
huawei	emui	11.0.0
huawei	magic_ui	2.1.1
huawei	magic_ui	3.0.0
huawei	magic_ui	3.1.0
huawei	magic_ui	3.1.1
huawei	magic_ui	4.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:emui:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "940801A5-523C-40D6-BB43-25BC78ADDE61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:emui:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6D0F53-9E85-4877-B558-4F5FB1F865D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:emui:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "504F2E73-FFD0-4589-8644-FE77656BB28D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66AC7F91-917C-40A6-9983-A339EFB091F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FF0AD1-22C2-423B-822A-E6496CEDAB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B701EC6-8208-4D22-95A6-B07D471A8A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:magic_ui:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E5FFC0-53B4-4A34-8A23-BC70AA565703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:magic_ui:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A7A4346-1757-48F9-827C-13EABC357302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:magic_ui:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAE846A-00EA-417F-B66F-1F5396BB6139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:magic_ui:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B655712B-E86C-4BD2-8A99-AEA382C520E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6066FAB-23F5-4CB2-B89E-B00F8835AC39",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad con el acceso al b\u00fafer con un valor de longitud incorrecto en algunos tel\u00e9fonos inteligentes Huawei. Los usuarios no autorizados pueden activar la ejecuci\u00f3n del c\u00f3digo cuando se produce un desbordamiento del b\u00fafer."
    }
  ],
  "id": "CVE-2020-9140",
  "lastModified": "2024-11-21T05:40:07.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-13T22:15:14.020",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-9140 (GCVE-0-2020-9140)

Vulnerability from cvelistv5

Published

2021-01-13 21:55