Details of VAR-202003-1092

ID

VAR-202003-1092

CVE

CVE-2020-1793

TITLE

HUAWEI Mate 20 and Mate 30 Pro Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003319

DESCRIPTION

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). HUAWEI Mate 20 and Mate 30 Pro There is an authentication vulnerability in.Information may be obtained. You can use this vulnerability to obtain data on locked applications

Trust: 2.16

sources: NVD: CVE-2020-1793 // JVNDB: JVNDB-2020-003319 // CNVD: CNVD-2020-22000

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-22000

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30 pro	scope:	lt	version:	10.0.0.203\(c00e202r7p2\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	lt	version:	10.0.0.188\(c00e74r3p8\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	eq	version:	10.0.0.188(c00e74r3p8)	Trust: 0.8
vendor:	huawei	model:	mate 30 pro	scope:	eq	version:	10.0.0.203(c00e202r7p2)	Trust: 0.8
vendor:	huawei	model:	mate <10.0.0.188	scope:	eq	version:	20	Trust: 0.6
vendor:	huawei	model:	mate pro <10.0.0.203	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2020-22000 // JVNDB: JVNDB-2020-003319 // NVD: CVE-2020-1793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1793
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003319
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-22000
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202003-1146
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1793
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003319
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-22000
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1793
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003319
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-22000 // JVNDB: JVNDB-2020-003319 // CNNVD: CNNVD-202003-1146 // NVD: CVE-2020-1793

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-003319 // NVD: CVE-2020-1793

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-1146

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003319

PATCH

title:	huawei-sa-20200318-02-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei Mate 20 and Mate 30 Pro authorization issue vulnerability (CNVD-2020-22000)	url:	https://www.cnvd.org.cn/patchInfo/show/213045	Trust: 0.6

sources: CNVD: CNVD-2020-22000 // JVNDB: JVNDB-2020-003319

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1793	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-003319	Trust: 0.8
db:	CNVD	id:	CNVD-2020-22000	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-1146	Trust: 0.6

sources: CNVD: CNVD-2020-22000 // JVNDB: JVNDB-2020-003319 // CNNVD: CNNVD-202003-1146 // NVD: CVE-2020-1793

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-1793	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en	Trust: 1.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200318-02-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1793	Trust: 0.8

sources: CNVD: CNVD-2020-22000 // JVNDB: JVNDB-2020-003319 // CNNVD: CNNVD-202003-1146 // NVD: CVE-2020-1793

SOURCES

db:	CNVD	id:	CNVD-2020-22000
db:	JVNDB	id:	JVNDB-2020-003319
db:	CNNVD	id:	CNNVD-202003-1146
db:	NVD	id:	CVE-2020-1793

LAST UPDATE DATE

2024-11-23T21:51:37.488000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-22000	date:	2020-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-003319	date:	2020-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202003-1146	date:	2020-08-28T00:00:00
db:	NVD	id:	CVE-2020-1793	date:	2024-11-21T05:11:23.523

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-22000	date:	2020-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-003319	date:	2020-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202003-1146	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2020-1793	date:	2020-03-20T15:15:13.857