CVE Vulnerability

CVE-2020-9237

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

6.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-02-smartphone-en Vendor Advisory
Configurations

Configuration 1
Information

Published : 2020-08-17 04:15

Updated : 2020-08-19 08:13

NVD link : CVE-2020-9237

Mitre link : CVE-2020-9237

Products Affected

Huawei

Taurus-al00b Firmware

CWE
CWE-416