CVE-2020-9253

There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:lion-al00c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:lion-al00c:-:*:*:*:*:*:*:*

History

13 Jan 2025, 19:38

Type	Values Removed	Values Added
CPE		cpe:2.3:h:huawei:lion-al00c:-:::::::* cpe:2.3:o:huawei:lion-al00c_firmware::::::::
References	~~() https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en -~~	() https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en - Vendor Advisory
CWE		CWE-787
First Time		Huawei lion-al00c Firmware Huawei lion-al00c Huawei
Summary		(es) Existe una vulnerabilidad de desbordamiento de pila en algunos teléfonos inteligentes Huawei. Un atacante puede crear un paquete específico para explotar esta vulnerabilidad. Debido a una verificación insuficiente, esto podría aprovecharse para alterar la información y afectar la disponibilidad. (ID de vulnerabilidad: HWPSIRT-2019-11030) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposición común (CVE): CVE-2020-9253.

27 Dec 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 10:15

Updated : 2025-01-13 19:38

NVD link : CVE-2020-9253

Mitre link : CVE-2020-9253

CVE.ORG link : CVE-2020-9253

JSON object : View

Products Affected

huawei

lion-al00c_firmware
lion-al00c

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-9253", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@huawei.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-27T10:15:16.610", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@huawei.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de pila en algunos tel\u00e9fonos inteligentes Huawei. Un atacante puede crear un paquete espec\u00edfico para explotar esta vulnerabilidad. Debido a una verificaci\u00f3n insuficiente, esto podr\u00eda aprovecharse para alterar la informaci\u00f3n y afectar la disponibilidad. (ID de vulnerabilidad: HWPSIRT-2019-11030) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9253."}], "lastModified": "2025-01-13T19:38:19.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:lion-al00c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DECBFA7-FD9F-420C-846C-FA096498AC63", "versionEndExcluding": "10.1.0.150\\(c00e136r5p3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:lion-al00c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AE20666-6456-48C3-B612-95DC67FA1FE1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}