ID

VAR-202002-0608


CVE

CVE-2020-1882


TITLE

plural Huawei Unauthorized authentication vulnerabilities in mobile phones

Trust: 0.8

sources: JVNDB: JVNDB-2020-002148

DESCRIPTION

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. plural Huawei Mobile phones contain vulnerabilities related to fraudulent authentication.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2020-1882 // JVNDB: JVNDB-2020-002148

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20 xscope:ltversion:10.0.0.176\(c00e70r2p8\)

Trust: 1.0

vendor:huaweimodel:honor magic2scope:ltversion:10.0.0.175\(c00e59r2p11\)

Trust: 1.0

vendor:huaweimodel:ever-l29bscope:ltversion:10.0.0.180\(c432e6r1p7\)

Trust: 1.0

vendor:huaweimodel:ever-l29bscope:ltversion:10.0.0.180\(c636e5r2p3\)

Trust: 1.0

vendor:huaweimodel:ever-l29bscope:ltversion:10.0.0.180\(c185e6r3p3\)

Trust: 1.0

vendor:huaweimodel:mate 20 rsscope:ltversion:10.0.0.175\(c786e70r3p8\)

Trust: 1.0

vendor:huaweimodel:ever-l29bscope:eqversion:10.0.0.180(c185e6r3p3)

Trust: 0.8

vendor:huaweimodel:ever-l29bscope:eqversion:10.0.0.180(c432e6r1p7)

Trust: 0.8

vendor:huaweimodel:ever-l29bscope:eqversion:10.0.0.180(c636e5r2p3)

Trust: 0.8

vendor:huaweimodel:honor magic2scope:eqversion:10.0.0.175(c00e59r2p11)

Trust: 0.8

vendor:huaweimodel:mate 20 rsscope:eqversion:10.0.0.175(c786e70r3p8)

Trust: 0.8

vendor:huaweimodel:mate 20 xscope:eqversion:10.0.0.176(c00e70r2p8)

Trust: 0.8

sources: JVNDB: JVNDB-2020-002148 // NVD: CVE-2020-1882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1882
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002148
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1461
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1882
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002148
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1882
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002148
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002148 // CNNVD: CNNVD-202001-1461 // NVD: CVE-2020-1882

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2020-002148 // NVD: CVE-2020-1882

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-1461

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002148

PATCH

title:huawei-sa-20200122-01-phoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

Trust: 0.8

title:Vulnerability fixes for multiple Huawei product licensing issuesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110507

Trust: 0.6

sources: JVNDB: JVNDB-2020-002148 // CNNVD: CNNVD-202001-1461

EXTERNAL IDS

db:NVDid:CVE-2020-1882

Trust: 2.4

db:JVNDBid:JVNDB-2020-002148

Trust: 0.8

db:CNNVDid:CNNVD-202001-1461

Trust: 0.6

sources: JVNDB: JVNDB-2020-002148 // CNNVD: CNNVD-202001-1461 // NVD: CVE-2020-1882

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1882

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1882

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200122-01-phone-cn

Trust: 0.6

sources: JVNDB: JVNDB-2020-002148 // CNNVD: CNNVD-202001-1461 // NVD: CVE-2020-1882

SOURCES

db:JVNDBid:JVNDB-2020-002148
db:CNNVDid:CNNVD-202001-1461
db:NVDid:CVE-2020-1882

LAST UPDATE DATE

2024-11-23T22:05:48.200000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-002148date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1461date:2021-01-05T00:00:00
db:NVDid:CVE-2020-1882date:2024-11-21T05:11:32.377

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-002148date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1461date:2020-01-22T00:00:00
db:NVDid:CVE-2020-1882date:2020-02-18T00:15:11.460