CVE-2020-9105: Input Validation
First published: Fri Oct 09 2020(Updated: )
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Taurus ncmdump | <10.1.0.156\(c00e155r7p2\) | |
| Huawei Taurus ncmdump |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-9105?
CVE-2020-9105 is considered a critical vulnerability due to its potential to allow attackers to access and modify device memory.
How do I fix CVE-2020-9105?
To remediate CVE-2020-9105, update the Huawei Taurus-AN00B firmware to version 10.1.0.156 or later.
What systems are affected by CVE-2020-9105?
CVE-2020-9105 affects Huawei Taurus-AN00B firmware versions prior to 10.1.0.156.
What type of vulnerability is CVE-2020-9105?
CVE-2020-9105 is categorized as an insufficient input validation vulnerability.
Can CVE-2020-9105 be exploited remotely?
Yes, CVE-2020-9105 can be exploited remotely if an attacker performs a specific series of operations.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/huawei
- canonical/huawei taurus ncmdump