{
  "id": "CVE-2020-9210",
  "sourceIdentifier": "psirt@huawei.com",
  "published": "2024-12-27T10:15:14.037",
  "lastModified": "2025-01-13T18:57:02.907",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de integridad insuficiente en los productos Huawei. Un m\u00f3dulo no realiza una comprobaci\u00f3n de integridad suficiente en un escenario espec\u00edfico. Los atacantes pueden aprovechar la vulnerabilidad instalando f\u00edsicamente malware. Esto podr\u00eda comprometer el funcionamiento normal del dispositivo afectado. (ID de vulnerabilidad: HWPSIRT-2020-00145) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9210."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@huawei.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@huawei.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-354"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-354"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.11\\(h100sp8c00\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C0434DA5-3F63-4455-B0F8-56FB0DF018FA"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:myna:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BACFD2A8-564D-4212-973D-F6C5FC0BA689"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en",
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}