CVE-2020-9065

Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:taurus-al00b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:taurus-al00b:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-26 15:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-9065

Mitre link : CVE-2020-9065

CVE.ORG link : CVE-2020-9065

JSON object : View

Products Affected

huawei

taurus-al00b
taurus-al00b_firmware

CWE

CWE-416

Use After Free

{"id": "CVE-2020-9065", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-03-26T15:15:25.210", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability."}, {"lang": "es", "value": "El tel\u00e9fono inteligente Huawei Taurus-AL00B con versiones anteriores a 10.0.0.203(C00E201R7P2), presenta una vulnerabilidad de uso la memoria previamente liberada (UAF). Un atacante local autenticado puede realizar operaciones espec\u00edficas para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito puede alterar la informaci\u00f3n para afectar la disponibilidad."}], "lastModified": "2020-03-30T20:14:16.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:taurus-al00b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD3D27F-D07E-4598-82F1-40884635C458", "versionEndExcluding": "10.0.0.203\\(c00e201r7p2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:taurus-al00b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "89BEAD51-0413-4082-9EDE-9E252FF32A4F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}