Huawei Updates
1987Warning Date
Severity Level
Warning Number
Target Sector
27 May, 2020
● Medium
2020-1282
All
Description:
Huawei has released security updates to address multiple vulnerabilities in the following products:
- Honor 9X
- Versions earlier than 9.1.1.172(C00E170R8P1)
- HUAWEI Mate 20
- Versions earlier than 10.0.0.195(SP31C00E74R3P8)
- Versions earlier than 10.0.0.185(C00E74R3P8)
- Versions earlier than 10.0.0.143(C00E143R2P4)
- E6878-370
- 10.0.3.1(H557SP27C233)
- 10.0.3.1(H563SP1C233)
- CloudEngine 12800
- V200R019C00
- V200R019C00SPC600
- V200R019C00SPC800
- V200R019C10
- CloudEngine 6800
- V200R019C00SPC800
- HUAWEI P30
- Versions earlier than 10.1.0.135(C00E135R2P11)
- Berkeley-L09
- Versions earlier than 10.0.0.177(C10E3R1P4)
- Columbia-AL00A
- Versions earlier than 10.0.0.178(C00E178R1P4)
- Columbia-L29D
- Versions earlier than 10.0.0.177(C10E4R1P4)
- Versions earlier than 10.0.0.177(C432E3R1P4)
- Cornell-AL00A
- Versions earlier than 9.1.0.340(C00E333R1P1T8)
- HUAWEI nova 3
- Versions earlier than 9.1.0.338(C00E333R1P1T8)
- Honor View 20
- Versions earlier than 10.0.0.198(C432E10R3P4)
- Versions earlier than 10.0.0.200(C185E3R3P3)
- Paris-L29B
- Versions earlier than 9.1.0.380(C636E1R1P3T8)
- Princeton-AL10B
- Versions earlier than 10.0.0.194(C00E61R4P11)
- Sydney-AL00
- Versions earlier than 9.1.0.237(C00E80R1P7T8)
- SydneyM-AL00
- Versions earlier than 10.0.0.159(C00E64R1P5)
- Tony-AL00B
- Versions earlier than 10.1.0.137(C00E137R2P11)
- Yale-AL00A
- Versions earlier than 10.0.0.196(C00E62R8P12)
- YaleP-AL10B
- Versions earlier than 10.0.0.194(C00E62R8P12)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS).
- Escalation of privilege.
- Access clock information without unlock the phone.
- Execute arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to review Huawei security advisory and apply the necessary updates:
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-05-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-04-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-stack-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-02-smartphone-en