6.8

CVE-2020-9118

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).

Data is provided by the National Vulnerability Database (NVD)
HuaweiAis-bw80h-00 Firmware Version9.0.3.1(h100sp3c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.1(h100sp9c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.1(h100sp13c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.1(h100sp18c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.2(h100sp1c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.2(h100sp2c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.2(h100sp5c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.2(h100sp8c00)
   HuaweiAis-bw80h-00 Version-
HuaweiAis-bw80h-00 Firmware Version9.0.3.3(h100sp1c00)
   HuaweiAis-bw80h-00 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.011
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.