Huawei TechnologiesHUAWEI-SA-20200610-02-PHONESecurity Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
47.9%
There is an improper authentication vulnerability in some Huawei smartphones. Due to the identity of the message sender is not properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. (Vulnerability ID: HWPSIRT-2019-12132)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9076.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| huawei p30 | lt | 10.1.0.135 | |
| huawei p30 pro | lt | 10.1.0.135 | |
| huawei p30 pro | lt | 10.1.0.135 | |
| tony-al00b | lt | 10.1.0.137 |
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
47.9%