Lucene search

Huawei TechnologiesHUAWEI-SA-20200527-01-SMARTPHONE

HistoryMay 27, 2020 - 12:00 a.m.

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

2020-05-2700:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.8%

JSON

There is an information disclosure vulnerability in several smartphones. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. (Vulnerability ID: HWPSIRT-2019-10102)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1809.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en

Affected configurations

Vulners

Node

huaweialp-al00bRange<10.0.0.143

huaweialp-tl00bRange<10.0.0.143

huaweibla-al00bRange<10.0.0.143

huaweibla-tl00bRange<10.0.0.143

huaweihonor_20Range<10.1.0.135

huaweihonor_20Range<10.1.0.160

huaweimate_9_proRange<10.1.0.270

huaweimate_9_proRange<10.1.0.273

huaweimate_9_proRange<10.1.0.277

huaweihonor_20Range<10.1.0.135

huaweilaya-al00epRange<10.1.0.135

huaweitony-al00bRange<10.1.0.160

huaweitony-tl00bRange<10.1.0.160

CPENameOperatorVersion
alp-al00blt10.0.0.143
alp-tl00blt10.0.0.143
bla-al00blt10.0.0.143
bla-tl00blt10.0.0.143
huawei mate 20lt10.1.0.135
huawei mate 20lt10.1.0.160
huawei mate 20 prolt10.1.0.270
huawei mate 20 prolt10.1.0.270
huawei mate 20 prolt10.1.0.273
huawei mate 20 prolt10.1.0.273

Name	Operator	Version
alp-al00b	lt	10.0.0.143
alp-tl00b	lt	10.0.0.143
bla-al00b	lt	10.0.0.143
bla-tl00b	lt	10.0.0.143
huawei mate 20	lt	10.1.0.135
huawei mate 20	lt	10.1.0.160
huawei mate 20 pro	lt	10.1.0.270
huawei mate 20 pro	lt	10.1.0.270
huawei mate 20 pro	lt	10.1.0.273
huawei mate 20 pro	lt	10.1.0.273

Rows per page:

1-10 of 171

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for HUAWEI-SA-20200527-01-SMARTPHONE