Lucene search

Huawei TechnologiesHUAWEI-SA-20200318-02-SMARTPHONE

HistoryMar 18, 2020 - 12:00 a.m.

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

2020-03-1800:00:00

Huawei Technologies

www.huawei.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. (Vulnerability ID: HWPSIRT-2019-12128 and HWPSIRT-2019-12129)

The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1793 and CVE-2020-1794.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en

Affected configurations

Vulners

Node

huaweimate_20_firmwareRange<10.0.0.188

huaweimate_20_firmwareRange<10.1.0.160

huaweimate_20_pro_firmwareRange<10.1.0.270

huaweimate_20_pro_firmwareRange<10.1.0.273

huaweimate_20_pro_firmwareRange<10.1.0.277

huaweimate_20_x_firmwareRange<10.1.0.160

huaweilaya-al00ep_firmwareRange<10.1.0.160

huaweilion-al00c_firmwareRange<10.0.0.203

huaweitony-al00b_firmwareRange<10.1.0.160

huaweitony-tl00b_firmwareRange<10.1.0.160

VendorProductVersionCPE
huaweimate_20_firmware*cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
huaweimate_20_pro_firmware*cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
huaweimate_20_x_firmware*cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*
huaweilaya-al00ep_firmware*cpe:2.3:o:huawei:laya-al00ep_firmware:*:*:*:*:*:*:*:*
huaweilion-al00c_firmware*cpe:2.3:o:huawei:lion-al00c_firmware:*:*:*:*:*:*:*:*
huaweitony-al00b_firmware*cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*
huaweitony-tl00b_firmware*cpe:2.3:o:huawei:tony-tl00b_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	mate_20_firmware	*	cpe:2.3:o:huawei:mate_20_firmware::::::::
huawei	mate_20_pro_firmware	*	cpe:2.3:o:huawei:mate_20_pro_firmware::::::::
huawei	mate_20_x_firmware	*	cpe:2.3:o:huawei:mate_20_x_firmware::::::::
huawei	laya-al00ep_firmware	*	cpe:2.3:o:huawei:laya-al00ep_firmware::::::::
huawei	lion-al00c_firmware	*	cpe:2.3:o:huawei:lion-al00c_firmware::::::::
huawei	tony-al00b_firmware	*	cpe:2.3:o:huawei:tony-al00b_firmware::::::::
huawei	tony-tl00b_firmware	*	cpe:2.3:o:huawei:tony-tl00b_firmware::::::::

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

Related for HUAWEI-SA-20200318-02-SMARTPHONE