medium
6.5
Advisory Published
Updated

CVE-2020-9069

First published: Thu May 21 2020(Updated: )

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei Anne-al00 Firmware<9.1.0.331\(c675e9r1p3t8\)
Huawei Anne-al00
Huawei Berkeley-l09 Firmware<10.0.1.1\(c675r1\)
Apple tvOS
Huawei Cd16-10 Firmware<10.0.2.8
Huawei Cd16-10
Huawei Cd17-10 Firmware<10.0.2.8
Huawei Cd17-10
Huawei Cd17-16 Firmware<10.0.2.8
Huawei Cd17-16
Huawei Cd18-10 Firmware<10.0.2.8
Huawei Cd18-10
Huawei Cd18-16 Firmware<10.0.2.8
Huawei Cd18-16
Huawei Columbia-tl00b Firmware<9.0.0.187\(c01e181r1p20t8\)
Huawei Columbia-tl00b
Huawei E6878-370 Firmware<10.0.5.1\(h610sp10c00\)
Huawei E6878-370
Huawei Honor 10 Lite Firmware<10.0.0.182\(c675e17r2p2\)
Huawei Honor 10 Lite
Huawei Lelandp-l22a Firmware<9.1.0.166\(c675e5r1p4t8\)
Huawei Lelandp-l22a
Huawei Tc5200-16 Firmware<10.0.2.8
Huawei Tc5200-16
Huawei Ws5200-11 Firmware<10.0.2.8
Huawei Ws5200-11
Huawei Ws5200-11 Firmware<10.0.2.23
Huawei Ws5200-16 Firmware<10.0.2.8
Huawei Ws5200-16
Huawei Ws5200-17 Firmware<10.0.2.23
Huawei Ws5200-17
Huawei Ws5800-10 Firmware<10.0.3.27
Huawei Ws5800-10
Huawei Ws6500-10 Firmware<10.0.2.8
Huawei Ws6500-10
Huawei Ws6500-16 Firmware<10.0.2.8
Huawei Ws6500-16

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID of this information leakage vulnerability?

    The vulnerability ID is CVE-2020-9069.

  • What is the severity level of CVE-2020-9069?

    The severity level of CVE-2020-9069 is medium.

  • Which Huawei products are affected by CVE-2020-9069?

    The affected products include Huawei Anne-AL00 (versions earlier than 9.1.0.331), Huawei Berkeley-l09 (versions earlier than 10.0.1.1), Huawei Cd16-10 (version earlier than 10.0.2.8), Huawei Cd17-10 (version earlier than 10.0.2.8), Huawei Cd17-16 (version earlier than 10.0.2.8), Huawei Cd18-10 (version earlier than 10.0.2.8), Huawei Cd18-16 (version earlier than 10.0.2.8), Huawei Columbia-tl00b (versions earlier than 9.0.0.187), Huawei E6878-370 (versions earlier than 10.0.5.1), Huawei Honor 10 Lite (versions earlier than 10.0.0.182), Huawei Lelandp-l22a (versions earlier than 9.1.0.166), Huawei Tc5200-16 (version earlier than 10.0.2.8), Huawei Ws5200-11 (version earlier than 10.0.2.8 and 10.0.2.23), Huawei Ws5200-16 (version earlier than 10.0.2.8), Huawei Ws5200-17 (version earlier than 10.0.2.23), Huawei Ws5800-10 (version earlier than 10.0.3.27), Huawei Ws6500-10 (version earlier than 10.0.2.8), and Huawei Ws6500-16 (version earlier than 10.0.2.8).

  • What is the impact of exploiting CVE-2020-9069?

    Successful exploitation of CVE-2020-9069 may lead to information leakage randomly.

  • How can I fix CVE-2020-9069?

    To fix CVE-2020-9069, update the affected Huawei products to the specified versions or apply the recommended security patches provided by Huawei.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203