Lucene search

Huawei TechnologiesHUAWEI-SA-20200805-02-SMARTPHONE

HistoryAug 05, 2020 - 12:00 a.m.

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

2020-08-0500:00:00

Huawei Technologies

www.huawei.com

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.8%

JSON

There is an improper authentication vulnerability in several smartphones. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged. (Vulnerability ID: HWPSIRT-2019-10020)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9244.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en

Affected configurations

Vulners

Node

huaweihonor_20Range<10.0.0.196

huaweihonor_20Range<10.0.0.184

huaweihonor_20Range<10.1.0.160

huaweimate_9_proRange<10.1.0.273

huaweimate_9_proRange<10.1.0.277

huaweihonor_20Range<10.1.0.160

huaweihuawei_p30Range<10.1.0.160

huaweihonor_view_20Range<10.0.0.180

huaweilaya-al00epRange<10.1.0.160

huaweitony-al00bRange<10.0.0.187

huaweitony-tl00bRange<10.0.0.187

huaweiyale-l21aRange<10.0.0.184

huaweiyale-l61aRange<10.0.0.168

huaweiyale-l71cRange<10.0.0.179

huaweihonor_20Range<10.0.0.175

huaweihonor_20Range<10.0.0.194

huaweihonor_magic2Range<10.0.0.187

huaweihonor_v20Range<10.0.0.188

CPENameOperatorVersion
honor 20lt10.0.0.196
honor 20 prolt10.0.0.184
huawei mate 20lt10.1.0.160
huawei mate 20 prolt10.1.0.273
huawei mate 20 prolt10.1.0.277
huawei mate 20 xlt10.1.0.160
huawei p30lt10.1.0.160
huawei p30 prolt10.1.0.160
huawei p30 prolt10.1.0.160
honor view 20lt10.0.0.180

Name	Operator	Version
honor 20	lt	10.0.0.196
honor 20 pro	lt	10.0.0.184
huawei mate 20	lt	10.1.0.160
huawei mate 20 pro	lt	10.1.0.273
huawei mate 20 pro	lt	10.1.0.277
huawei mate 20 x	lt	10.1.0.160
huawei p30	lt	10.1.0.160
huawei p30 pro	lt	10.1.0.160
huawei p30 pro	lt	10.1.0.160
honor view 20	lt	10.0.0.180

Rows per page:

1-10 of 211

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for HUAWEI-SA-20200805-02-SMARTPHONE