PT-2020-20547 · Huawei+1 · Huawei Mate 20+1
Published
2020-07-17
·
Updated
2020-07-22
·
CVE-2020-9252
CVSS v3.1
2.3
Low
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8)
HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8)
HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8)
Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11)
Description
The system does not sufficiently validate certain pathnames from certain processes, which could allow an attacker to write files to a crafted path if the issue is successfully exploited.
Recommendations
For HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), update to version 10.1.0.160(C00E160R3P8) or later.
For HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), update to version 10.1.0.135(C00E135R2P8) or later.
For HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), update to version 10.1.0.160(C786E160R3P8) or later.
For Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11), update to version 10.1.0.160(C00E160R2P11) or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Mate 20
Honor Magic2