CVE-2020-9235 Information

Feb 14, 2021 cve

Description

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1)Versions earlier than 10.1.0.231(C10E3R3P2)Versions earlier than 10.1.0.231(C185E3R5P1)Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4)Versions earlier than 10.1.0.213(C636E3R4P3)Versions earlier than 10.1.0.214(C10E5R4P3)Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1)Versions earlier than 10.1.0.231(C10E3R3P2)Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2)Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5

Share on: