CVE-2020-9210

There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:myna_firmware:9.0.1.11\(h100sp8c00\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:myna:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-27 10:15

Updated : 2025-01-13 18:57

NVD link : CVE-2020-9210

Mitre link : CVE-2020-9210

CVE.ORG link : CVE-2020-9210

JSON object : View

Products Affected

huawei

myna_firmware
myna

CWE

CWE-354

Improper Validation of Integrity Check Value

{"id": "CVE-2020-9210", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-12-27T10:15:14.037", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-354"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210."}, {"lang": "es", "value": "Existe una vulnerabilidad de integridad insuficiente en los productos Huawei. Un m\u00f3dulo no realiza una comprobaci\u00f3n de integridad suficiente en un escenario espec\u00edfico. Los atacantes pueden aprovechar la vulnerabilidad instalando f\u00edsicamente malware. Esto podr\u00eda comprometer el funcionamiento normal del dispositivo afectado. (ID de vulnerabilidad: HWPSIRT-2020-00145) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9210."}], "lastModified": "2025-01-13T18:57:02.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.11\\(h100sp8c00\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0434DA5-3F63-4455-B0F8-56FB0DF018FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:myna:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BACFD2A8-564D-4212-973D-F6C5FC0BA689"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}