Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Adjacent_network
0

CVE-2020-9069

Disclosure Date: May 21, 2020
CVE-2020-9069 CVSS v3 Base Score: 6.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Anne-AL00 earlier than 9.1.0.331(C675E9R1P3T8)
Berkeley-L09 earlier than 10.0.1.1(C675R1)
CD16-10 earlier than 10.0.2.8
CD17-10 earlier than 10.0.2.8
CD17-16 earlier than 10.0.2.8
CD18-10 earlier than 10.0.2.8
CD18-16 earlier than 10.0.2.8
Columbia-TL00B earlier than 9.0.0.187(C01E181R1P20T8)
E6878-370 earlier than 10.0.5.1(H610SP10C00)
HUAWEI P30 lite earlier than 10.0.0.185(C605E3R1P3)
HUAWEI P30 lite earlier than 10.0.0.197(C432E8R2P7)
HUAWEI nova 4e earlier than 10.0.0.158(C00E64R1P9)
Honor 10 Lite 9.0.1.113(C675E11R1P12)
LelandP-L22A earlier than 9.1.0.166(C675E5R1P4T8)
Marie-AL00AX earlier than 10.0.0.158(C00E64R1P9)
Marie-AL00AY earlier than 10.0.0.158(C00E64R1P9)
Marie-AL00BX earlier than 10.0.0.158(C00E64R1P9)
Marie-L03BX earlier than 10.0.0.188(C605E5R1P1)
Marie-L21BX earlier than 10.0.0.188(C432E4R4P1)
Marie-L21BX earlier than 10.0.0.188(C461E5R3P1)
Marie-L22BX earlier than 10.0.0.188(C636E3R3P1)
Marie-L23BX earlier than 10.0.0.188(C605E5R1P1)
TC5200-16 earlier than 10.0.2.8
WS5200-11 earlier than 10.0.2.8
WS5200-12 earlier than 10.0.2.23
WS5200-16 earlier than 10.0.2.8
WS5200-17 earlier than 10.0.2.23
WS5800-10 earlier than 10.0.3.27
WS6500-10 earlier than 10.0.2.8
WS6500-16 earlier than 10.0.2.8
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis