CVE & CISA-KEV Catalog

CVE-2020-9069

MEDIUM
6.5
CVSS v3
NVD

Description

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8

How to fix

Remediation Available
anne-al00 firmwareNVD
Affected:< 9.1.0.331(c675e9r1p3t8)Fixed in:9.1.0.331(c675e9r1p3t8)CVE-2020-9069derived from NVD
berkeley-l09 firmwareNVD
Affected:< 10.0.1.1(c675r1)Fixed in:10.0.1.1(c675r1)CVE-2020-9069derived from NVD
cd16-10 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
cd17-10 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
cd17-16 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
cd18-10 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
cd18-16 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
columbia-tl00b firmwareNVD
Affected:< 9.0.0.187(c01e181r1p20t8)Fixed in:9.0.0.187(c01e181r1p20t8)CVE-2020-9069derived from NVD
e6878-370 firmwareNVD
Affected:< 10.0.5.1(h610sp10c00)Fixed in:10.0.5.1(h610sp10c00)CVE-2020-9069derived from NVD
honor 10 lite firmwareNVD
Affected:< 10.0.0.182(c675e17r2p2)Fixed in:10.0.0.182(c675e17r2p2)CVE-2020-9069derived from NVD
lelandp-l22a firmwareNVD
Affected:< 9.1.0.166(c675e5r1p4t8)Fixed in:9.1.0.166(c675e5r1p4t8)CVE-2020-9069derived from NVD
tc5200-16 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
ws5200-11 firmwareNVD
Affected:< 10.0.2.23Fixed in:10.0.2.23CVE-2020-9069derived from NVD
ws5200-16 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
ws5200-17 firmwareNVD
Affected:< 10.0.2.23Fixed in:10.0.2.23CVE-2020-9069derived from NVD
ws5800-10 firmwareNVD
Affected:< 10.0.3.27Fixed in:10.0.3.27CVE-2020-9069derived from NVD
ws6500-10 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD
ws6500-16 firmwareNVD
Affected:< 10.0.2.8Fixed in:10.0.2.8CVE-2020-9069derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.34%probability of exploitation in 30 days
26thpercentile

Low risk: more likely to be exploited than 26% of all known CVEs.

References

Vendor Advisory1
Embed a live status badge for CVE-2020-9069
CVE-2020-9069 severity badge

Markdown

[![CVE-2020-9069](https://tridentstack.com/cve/badge/CVE-2020-9069.svg)](https://tridentstack.com/cve/CVE-2020-9069)

HTML

<a href="https://tridentstack.com/cve/CVE-2020-9069"><img src="https://tridentstack.com/cve/badge/CVE-2020-9069.svg" alt="CVE-2020-9069"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.