ID

VAR-202001-0900


CVE

CVE-2020-1787


TITLE

HUAWEI Mate 20  Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-001494

DESCRIPTION

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of the host user. HUAWEI Mate 20 Smartphones contain an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Huawei Mate 20 is a smartphone from China's Huawei. The vulnerability stems from logical errors in the system

Trust: 2.16

sources: NVD: CVE-2020-1787 // JVNDB: JVNDB-2020-001494 // CNVD: CNVD-2020-02173

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02173

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20scope:eqversion: -

Trust: 2.0

vendor:huaweimodel:mate 20scope:ltversion:9.1.0.139\(c00e133r3p1\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:mate 20 firmware 9.1.0.139(c00e133r3p1)

Trust: 0.8

vendor:huaweimodel:mate pro <9.1.0.139scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2020-02173 // JVNDB: JVNDB-2020-001494 // CNNVD: CNNVD-202001-270 // NVD: CVE-2020-1787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1787
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1787
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02173
value: LOW

Trust: 0.6

CNNVD: CNNVD-202001-270
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1787
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02173
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1787
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-1787
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02173 // JVNDB: JVNDB-2020-001494 // CNNVD: CNNVD-202001-270 // NVD: CVE-2020-1787

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Incorrect authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-001494 // NVD: CVE-2020-1787

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-270

PATCH

title:huawei-sa-20200108-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-02-smartphone-en

Trust: 0.8

title:Patch for Huawei Mate 20 inappropriate authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/197023

Trust: 0.6

title:Huawei Mate 20 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106609

Trust: 0.6

sources: CNVD: CNVD-2020-02173 // JVNDB: JVNDB-2020-001494 // CNNVD: CNNVD-202001-270

EXTERNAL IDS

db:NVDid:CVE-2020-1787

Trust: 3.0

db:JVNDBid:JVNDB-2020-001494

Trust: 0.8

db:CNVDid:CNVD-2020-02173

Trust: 0.6

db:CNNVDid:CNNVD-202001-270

Trust: 0.6

sources: CNVD: CNVD-2020-02173 // JVNDB: JVNDB-2020-001494 // CNNVD: CNNVD-202001-270 // NVD: CVE-2020-1787

REFERENCES

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-02-smartphone-cn

Trust: 1.2

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-02-smartphone-en

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-1787

Trust: 0.8

sources: CNVD: CNVD-2020-02173 // JVNDB: JVNDB-2020-001494 // CNNVD: CNNVD-202001-270 // NVD: CVE-2020-1787

CREDITS

Ding Yicong

Trust: 0.6

sources: CNNVD: CNNVD-202001-270

SOURCES

db:CNVDid:CNVD-2020-02173
db:JVNDBid:JVNDB-2020-001494
db:CNNVDid:CNNVD-202001-270
db:NVDid:CVE-2020-1787

LAST UPDATE DATE

2024-11-23T21:51:45.913000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-02173date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001494date:2020-02-12T00:00:00
db:CNNVDid:CNNVD-202001-270date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1787date:2024-11-21T05:11:22.827

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-02173date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001494date:2020-02-12T00:00:00
db:CNNVDid:CNNVD-202001-270date:2020-01-08T00:00:00
db:NVDid:CVE-2020-1787date:2020-01-09T17:15:12.400