Severity Rating: HIGH
Software Affected
•Honor View20, Versions earlier than 10.0.0.179(C636E3R4P3)
•Honor View20, Versions earlier than 10.0.0.180(C185E3R3P3)
•Honor View20, Versions earlier than 10.0.0.180(C432E10R3P4)
•Honor View20, Versions earlier than 10.0.0.188(C00E62R2P11)
•Honor 20, Versions earlier than 10.0.0.187(C00E60R4P11)
•Honor 20 PRO, Versions earlier than 10.0.0.187(C00E60R4P11)
•Honor Magic2, Versions earlier than 10.0.0.176(C00E60R2P11)
•Honor P20, Versions earlier than 10.0.0.156(C00E156R1P4)
Overview
Multiple vulnerabilities have been reported in Huawei Smartphones which
could allow an attacker to access sensitive information and bypass
authentication on the targeted system.
Description
1. Out of Bound Read Vulnerability ( CVE-2020-1808 )
An Out of Bound Read Vulnerability exists in some Huawei Smartphones. This
vulnerability exists because the software reads data past the intended
buffer. due to installing a crafted application. A remote attacker could
exploit this vulnerability by tricking the user into installing a crafted
application on the targeted system.
Successful exploitation of this vulnerability could allow the remote
attacker to access sensitive information from the targeted system.
2. Improper Authentication Bypass Vulnerability ( CVE-2020-9073 )
An Improper Authentication Bypass Vulnerability exists in Huawei
Smartphones due to insufficient validation of users identity in software.
In order to exploit this vulnerability, the attacker needs to have physical
access to the smartphone.
Successful exploitation of this vulnerability could allow the attacker to
bypass the limit of student mode function.
Solution
Upgrade to latest version
Vendor Information
Huawei
martphone-en
martphone-en
References
Huawei
martphone-en
martphone-en
CVE Name
CVE-2020-1808
CVE-2020-9073
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.