CVE-2020-9084: Use After Free
First published: Fri Sep 18 2020(Updated: )
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Taurus ncmdump | <10.1.0.156\(c00e155r7p2\) | |
| Huawei Taurus ncmdump |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-9084?
CVE-2020-9084 is classified as a high severity use-after-free vulnerability that could lead to privilege escalation.
How do I fix CVE-2020-9084?
To fix CVE-2020-9084, update the Huawei Taurus-AN00B firmware to version 10.1.0.156 or later.
Who can exploit CVE-2020-9084?
CVE-2020-9084 can be exploited by an authenticated, local attacker performing specific operations.
What could happen if CVE-2020-9084 is successfully exploited?
Successful exploitation of CVE-2020-9084 may allow the attacker to obtain higher privileges and compromise the service.
Which versions are affected by CVE-2020-9084?
CVE-2020-9084 affects all versions of Huawei Taurus-AN00B firmware prior to 10.1.0.156.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/huawei
- canonical/huawei taurus ncmdump