Details of VAR-202003-1093

ID

VAR-202003-1093

CVE

CVE-2020-1794

TITLE

HUAWEI Mate 20 and Mate 30 Pro Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003140

DESCRIPTION

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). HUAWEI Mate 20 and Mate 30 Pro There is an authentication vulnerability in.Information may be obtained. Attackers can use this vulnerability to obtain data on locked applications

Trust: 2.16

sources: NVD: CVE-2020-1794 // JVNDB: JVNDB-2020-003140 // CNVD: CNVD-2020-21998

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-21998

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30 pro	scope:	lt	version:	10.0.0.203\(c00e202r7p2\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	lt	version:	10.0.0.188\(c00e74r3p8\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	eq	version:	10.0.0.188(c00e74r3p8)	Trust: 0.8
vendor:	huawei	model:	mate 30 pro	scope:	eq	version:	10.0.0.203(c00e202r7p2)	Trust: 0.8
vendor:	huawei	model:	mate <10.0.0.188	scope:	eq	version:	20	Trust: 0.6
vendor:	huawei	model:	mate pro <10.0.0.203	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2020-21998 // JVNDB: JVNDB-2020-003140 // NVD: CVE-2020-1794

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1794
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003140
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-21998
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202003-1139
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1794
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003140
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-21998
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1794
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003140
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-21998 // JVNDB: JVNDB-2020-003140 // CNNVD: CNNVD-202003-1139 // NVD: CVE-2020-1794

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-003140 // NVD: CVE-2020-1794

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-1139

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003140

PATCH

title:	huawei-sa-20200318-02-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei Mate 20 and Mate 30 Pro authorization issue vulnerability (CNVD-2020-21998)	url:	https://www.cnvd.org.cn/patchInfo/show/213049	Trust: 0.6

sources: CNVD: CNVD-2020-21998 // JVNDB: JVNDB-2020-003140

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1794	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-003140	Trust: 0.8
db:	CNVD	id:	CNVD-2020-21998	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-1139	Trust: 0.6

sources: CNVD: CNVD-2020-21998 // JVNDB: JVNDB-2020-003140 // CNNVD: CNNVD-202003-1139 // NVD: CVE-2020-1794

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-1794	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en	Trust: 1.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200318-02-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1794	Trust: 0.8

sources: CNVD: CNVD-2020-21998 // JVNDB: JVNDB-2020-003140 // CNNVD: CNNVD-202003-1139 // NVD: CVE-2020-1794

SOURCES

db:	CNVD	id:	CNVD-2020-21998
db:	JVNDB	id:	JVNDB-2020-003140
db:	CNNVD	id:	CNNVD-202003-1139
db:	NVD	id:	CVE-2020-1794

LAST UPDATE DATE

2024-11-23T22:11:35.883000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-21998	date:	2020-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-003140	date:	2020-04-06T00:00:00
db:	CNNVD	id:	CNNVD-202003-1139	date:	2020-08-28T00:00:00
db:	NVD	id:	CVE-2020-1794	date:	2024-11-21T05:11:23.630

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-21998	date:	2020-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-003140	date:	2020-04-06T00:00:00
db:	CNNVD	id:	CNNVD-202003-1139	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2020-1794	date:	2020-03-20T15:15:13.950