PT-2020-20509 · Huawei · Sydneym-Al00+1
Published
2020-12-01
·
Updated
2020-12-04
·
CVE-2020-9117
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4)
SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5)
Description
The issue is related to an out-of-bounds read and write vulnerability. An attacker with specific permissions can craft a malformed packet with a specific parameter and send it to the affected products. Due to insufficient validation of the packet, this may be exploited to cause information leakage or arbitrary code execution.
Recommendations
For HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4), update to version 10.0.0.165(C01E34R2P4) or later.
For SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5), update to version 10.0.0.165(C00E66R1P5) or later.
As a temporary workaround, consider restricting access to the affected products to minimize the risk of exploitation.
Fix
Out of bounds Read
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Huawei Nova 4
Sydneym-Al00