Lucene search

HuaweiCVE-2020-1793

HistoryMar 20, 2020 - 3:15 p.m.

CVE-2020-1793

2020-03-2015:15:13

CWE-287

huawei

web.nvd.nist.gov

cve-2020-1793

improper authentication

smartphones

applock

data breach

vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

Affected configurations

Nvd

Vulners

Node

huaweimate_20Match-

AND

huaweimate_20_firmwareRange<10.0.0.188\(c00e74r3p8\)

Node

huaweimate_30_proMatch-

AND

huaweimate_30_pro_firmwareRange<10.0.0.203\(c00e202r7p2\)

VendorProductVersionCPE
huaweimate_20-cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*
huaweimate_20_firmware*cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
huaweimate_30_pro-cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*
huaweimate_30_pro_firmware*cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	mate_20	-	cpe:2.3:h:huawei:mate_20:-:::::::*
huawei	mate_20_firmware	*	cpe:2.3:o:huawei:mate_20_firmware::::::::
huawei	mate_30_pro	-	cpe:2.3:h:huawei:mate_30_pro:-:::::::*
huawei	mate_30_pro_firmware	*	cpe:2.3:o:huawei:mate_30_pro_firmware::::::::

CNA Affected

[
  {
    "product": "HUAWEI Mate 20;HUAWEI Mate 30 Pro",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.0.0.188(C00E74R3P8)"
      },
      {
        "status": "affected",
        "version": "Versions earlier than 10.0.0.203(C00E202R7P2)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

Related for CVE-2020-1793