nvd-json-data-feeds/CVE-2020/CVE-2020-90xx/CVE-2020-9065.json

{
  "id": "CVE-2020-9065",
  "sourceIdentifier": "psirt@huawei.com",
  "published": "2020-03-26T15:15:25.210",
  "lastModified": "2020-03-30T20:14:16.337",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability."
    },
    {
      "lang": "es",
      "value": "El tel\u00e9fono inteligente Huawei Taurus-AL00B con versiones anteriores a 10.0.0.203(C00E201R7P2), presenta una vulnerabilidad de uso la memoria previamente liberada (UAF). Un atacante local autenticado puede realizar operaciones espec\u00edficas para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito puede alterar la informaci\u00f3n para afectar la disponibilidad."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:taurus-al00b_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "10.0.0.203\\(c00e201r7p2\\)",
              "matchCriteriaId": "5FD3D27F-D07E-4598-82F1-40884635C458"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:taurus-al00b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BEAD51-0413-4082-9EDE-9E252FF32A4F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en",
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}