Lucene search

[email protected]CVE-2020-1882

HistoryFeb 18, 2020 - 12:15 a.m.

CVE-2020-1882

2020-02-1800:15:11

[email protected]

web.nvd.nist.gov

huawei

mobile phones

vulnerability

improper authorization

cve-2020-1882

security

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.

Affected configurations

NVD

Node

huaweimate_20_rs_firmwareRange<10.0.0.175\(c786e70r3p8\)

AND

huaweimate_20_rsMatch-

Node

huaweimate_20_x_firmwareRange<10.0.0.176\(c00e70r2p8\)

AND

huaweimate_20_xMatch-

Node

huaweihonor_magic2_firmwareRange<10.0.0.175\(c00e59r2p11\)

AND

huaweihonor_magic2Match-

Node

huaweiever-l29b_firmwareRange<10.0.0.180\(c185e6r3p3\)

AND

huaweiever-l29bMatch-

Node

huaweiever-l29b_firmwareRange<10.0.0.180\(c432e6r1p7\)

AND

huaweiever-l29bMatch-

Node

huaweiever-l29b_firmwareRange<10.0.0.180\(c636e5r2p3\)

AND

huaweiever-l29bMatch-

CPENameOperatorVersion
huawei:mate_20_rs_firmwarehuawei mate 20 rs firmwarelt10.0.0.175\(c786e70r3p8\)

CPE	Name	Operator	Version
huawei:mate_20_rs_firmware	huawei mate 20 rs firmware	lt	10.0.0.175\(c786e70r3p8\)

CNA Affected

[
  {
    "product": "Ever-L29B",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 10.0.0.180(C185E6R3P3)"
      },
      {
        "status": "affected",
        "version": "earlier than 10.0.0.180(C432E6R1P7)"
      },
      {
        "status": "affected",
        "version": "earlier than 10.0.0.180(C636E5R2P3)"
      }
    ]
  },
  {
    "product": "HUAWEI Mate 20 RS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 10.0.0.175(C786E70R3P8)"
      }
    ]
  },
  {
    "product": "HUAWEI Mate 20 X",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 10.0.0.176(C00E70R2P8)"
      }
    ]
  },
  {
    "product": "Honor Magic2",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 10.0.0.175(C00E59R2P11)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for CVE-2020-1882

cvelist1 prion1 huawei1 nvd1