CVE-2020-9253

There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:lion-al00c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:lion-al00c:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-27 10:15

Updated : 2025-01-13 19:38

NVD link : CVE-2020-9253

Mitre link : CVE-2020-9253

CVE.ORG link : CVE-2020-9253

JSON object : View

Products Affected

huawei

lion-al00c
lion-al00c_firmware

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-9253", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@huawei.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-27T10:15:16.610", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@huawei.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de pila en algunos tel\u00e9fonos inteligentes Huawei. Un atacante puede crear un paquete espec\u00edfico para explotar esta vulnerabilidad. Debido a una verificaci\u00f3n insuficiente, esto podr\u00eda aprovecharse para alterar la informaci\u00f3n y afectar la disponibilidad. (ID de vulnerabilidad: HWPSIRT-2019-11030) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9253."}], "lastModified": "2025-01-13T19:38:19.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:lion-al00c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DECBFA7-FD9F-420C-846C-FA096498AC63", "versionEndExcluding": "10.1.0.150\\(c00e136r5p3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:lion-al00c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AE20666-6456-48C3-B612-95DC67FA1FE1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}