ID

VAR-202002-0578


CVE

CVE-2020-1812


TITLE

HUAWEI P30 Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-002082

DESCRIPTION

HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. HUAWEI P30 Smartphones contain authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The Huawei P30 is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2020-1812 // JVNDB: JVNDB-2020-002082 // CNVD: CNVD-2020-03248

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03248

AFFECTED PRODUCTS

vendor:huaweimodel:p30scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:p30scope:ltversion:10.0.0.173\(c00e73r1p11\)

Trust: 1.0

vendor:huaweimodel:p30scope:eqversion:10.0.0.173(c00e73r1p11)

Trust: 0.8

vendor:huaweimodel:p30 <10.0.0.173scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30scope:eqversion:9.1.0.193c00e190r2p1

Trust: 0.6

vendor:huaweimodel:p30scope:eqversion:9.1.0.226c00e220r2p1

Trust: 0.6

vendor:huaweimodel:p30scope:eqversion:10.0.0.166c00e66r1p11

Trust: 0.6

sources: CNVD: CNVD-2020-03248 // JVNDB: JVNDB-2020-002082 // CNNVD: CNNVD-202001-884 // NVD: CVE-2020-1812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1812
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002082
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03248
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-884
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1812
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002082
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-03248
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1812
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002082
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03248 // JVNDB: JVNDB-2020-002082 // CNNVD: CNNVD-202001-884 // NVD: CVE-2020-1812

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-002082 // NVD: CVE-2020-1812

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-884

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-884

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002082

PATCH

title:huawei-sa-20200120-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-smartphone-en

Trust: 0.8

title:Patch for Huawei P30 inappropriate authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/198623

Trust: 0.6

title:Huawei P30 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107194

Trust: 0.6

sources: CNVD: CNVD-2020-03248 // JVNDB: JVNDB-2020-002082 // CNNVD: CNNVD-202001-884

EXTERNAL IDS

db:NVDid:CVE-2020-1812

Trust: 3.0

db:JVNDBid:JVNDB-2020-002082

Trust: 0.8

db:CNVDid:CNVD-2020-03248

Trust: 0.6

db:CNNVDid:CNNVD-202001-884

Trust: 0.6

sources: CNVD: CNVD-2020-03248 // JVNDB: JVNDB-2020-002082 // CNNVD: CNNVD-202001-884 // NVD: CVE-2020-1812

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-smartphone-en

Trust: 1.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200120-01-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1812

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1812

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-01-firewall-cn

Trust: 0.6

sources: CNVD: CNVD-2020-03248 // JVNDB: JVNDB-2020-002082 // CNNVD: CNNVD-202001-884 // NVD: CVE-2020-1812

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202001-884

SOURCES

db:CNVDid:CNVD-2020-03248
db:JVNDBid:JVNDB-2020-002082
db:CNNVDid:CNNVD-202001-884
db:NVDid:CVE-2020-1812

LAST UPDATE DATE

2024-11-23T22:21:20.497000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-03248date:2020-02-04T00:00:00
db:JVNDBid:JVNDB-2020-002082date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-884date:2020-02-21T00:00:00
db:NVDid:CVE-2020-1812date:2024-11-21T05:11:25.710

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-03248date:2020-01-24T00:00:00
db:JVNDBid:JVNDB-2020-002082date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-884date:2020-01-20T00:00:00
db:NVDid:CVE-2020-1812date:2020-02-18T03:15:11.123