CVE-2020-9118 — MEDIUM (6.8)

Vulnerability Description

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ais-Bw80H-00 Firmware	9.0.3.1\(h100sp3c00\)
Huawei	Ais-Bw80H-00	-

Related Weaknesses (CWE)

CWE-354

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-enVendor Advisory

FAQ

What is CVE-2020-9118?

CVE-2020-9118 is a vulnerability with a CVSS score of 6.8 (MEDIUM). There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacke...

How severe is CVE-2020-9118?

CVE-2020-9118 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9118?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ais-Bw80H-00 Firmware, Huawei Ais-Bw80H-00.