CVE-2020-9069

Description

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8

6.5

CVSS

Severity: Medium

CVSS 3.1 •

CVSS 2.0 •

EPSS 0.04%

Vendor Advisory huawei.com

Affected: HUAWEI Anne-AL00

Affected: HUAWEI Berkeley-L09

Affected: HUAWEI CD16-10

Affected: HUAWEI CD17-10

Affected: HUAWEI CD17-16

Affected: HUAWEI CD18-10

Affected: HUAWEI CD18-16

Affected: HUAWEI Columbia-TL00B

Affected: HUAWEI E6878-370

Affected: HUAWEI HUAWEI P30 lite

Affected: HUAWEI HUAWEI nova 4e

Affected: HUAWEI Honor 10 Lite

Affected: HUAWEI LelandP-L22A

Affected: HUAWEI Marie-AL00AX

Affected: HUAWEI Marie-AL00AY

Affected: HUAWEI Marie-AL00BX

Affected: HUAWEI Marie-L03BX

Affected: HUAWEI Marie-L21BX

Affected: HUAWEI Marie-L22BX

Affected: HUAWEI Marie-L23BX

Affected: HUAWEI TC5200-16

Affected: HUAWEI WS5200-11

Affected: HUAWEI WS5200-12

Affected: HUAWEI WS5200-16

Affected: HUAWEI WS5200-17

Affected: HUAWEI WS5800-10

Affected: HUAWEI WS6500-10

Affected: HUAWEI WS6500-16

References

Link	Tags
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-leakage-en	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-9069?: CVE-2020-9069 has been scored as a medium severity vulnerability.
How to fix CVE-2020-9069?: To fix CVE-2020-9069, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-9069 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-9069 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-9069?: CVE-2020-9069 affects HUAWEI Anne-AL00, HUAWEI Berkeley-L09, HUAWEI CD16-10, HUAWEI CD17-10, HUAWEI CD17-16, HUAWEI CD18-10, HUAWEI CD18-16, HUAWEI Columbia-TL00B, HUAWEI E6878-370, HUAWEI HUAWEI P30 lite, HUAWEI HUAWEI nova 4e, HUAWEI Honor 10 Lite, HUAWEI LelandP-L22A, HUAWEI Marie-AL00AX, HUAWEI Marie-AL00AY, HUAWEI Marie-AL00BX, HUAWEI Marie-L03BX, HUAWEI Marie-L21BX, HUAWEI Marie-L22BX, HUAWEI Marie-L23BX, HUAWEI TC5200-16, HUAWEI WS5200-11, HUAWEI WS5200-12, HUAWEI WS5200-16, HUAWEI WS5200-17, HUAWEI WS5800-10, HUAWEI WS6500-10, HUAWEI WS6500-16.