Lucene search

Huawei TechnologiesHUAWEI-SA-20200122-01-PHONE

HistoryJan 22, 2020 - 12:00 a.m.

Security Advisory - Improper Authorization Vulnerability in Several Huawei Smart Phones

2020-01-2200:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.1%

JSON

Some Huawei mobile phones have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. (Vulnerability ID: HWPSIRT-2019-08002)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1882.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

Affected configurations

Vulners

Node

huaweiever-l29bRange<10.0.0.180

huaweihonor_20Range<10.0.0.154

huaweihonor_20Range<10.1.0.160

huaweimate_9_proRange<10.0.0.154

huaweimate_9_proRange<10.0.0.187

huaweihonor_20Range<10.0.0.176

huaweilaya-al00epRange<10.0.0.175

huaweitony-al00bRange<10.0.0.175

huaweitony-tl00bRange<10.0.0.175

CPENameOperatorVersion
ever-l29blt10.0.0.180
ever-l29blt10.0.0.180
ever-l29blt10.0.0.180
huawei mate 20lt10.0.0.154
huawei mate 20lt10.1.0.160
huawei mate 20lt10.1.0.160
huawei mate 20 prolt10.0.0.154
huawei mate 20 prolt10.0.0.154
huawei mate 20 prolt10.0.0.154
huawei mate 20 prolt10.0.0.154

Name	Operator	Version
ever-l29b	lt	10.0.0.180
ever-l29b	lt	10.0.0.180
ever-l29b	lt	10.0.0.180
huawei mate 20	lt	10.0.0.154
huawei mate 20	lt	10.1.0.160
huawei mate 20	lt	10.1.0.160
huawei mate 20 pro	lt	10.0.0.154
huawei mate 20 pro	lt	10.0.0.154
huawei mate 20 pro	lt	10.0.0.154
huawei mate 20 pro	lt	10.0.0.154

Rows per page:

1-10 of 171

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for HUAWEI-SA-20200122-01-PHONE