Sign-up

ID

VAR-202003-1094


CVE

CVE-2020-1795


TITLE

HUAWEI Mate 20 and Mate 30 Pro Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003141

DESCRIPTION

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). HUAWEI Mate 20 and Mate 30 Pro There is an unspecified vulnerability in.Information may be tampered with. This vulnerability stems from the fact that the system fails to reasonably restrict some operations when the mobile phone function is healthy. Attackers can use this vulnerability to bypass the restrictions on the healthy use of mobile phones

Trust: 2.16

sources: NVD: CVE-2020-1795 // JVNDB: JVNDB-2020-003141 // CNVD: CNVD-2020-21999

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21999

AFFECTED PRODUCTS

vendor:huaweimodel:mate 30 proscope:ltversion:10.0.0.203\(c00e202r7p2\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:10.0.0.188\(c00e74r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion:10.0.0.188(c00e74r3p8)

Trust: 0.8

vendor:huaweimodel:mate 30 proscope:eqversion:10.0.0.203(c00e202r7p2)

Trust: 0.8

vendor:huaweimodel:mate <10.0.0.188scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:mate pro <10.0.0.203scope:eqversion:30

Trust: 0.6

sources: CNVD: CNVD-2020-21999 // JVNDB: JVNDB-2020-003141 // NVD: CVE-2020-1795

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1795
value: LOW

Trust: 1.0

NVD: JVNDB-2020-003141
value: LOW

Trust: 0.8

CNVD: CNVD-2020-21999
value: LOW

Trust: 0.6

CNNVD: CNNVD-202003-1144
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1795
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003141
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21999
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1795
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003141
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21999 // JVNDB: JVNDB-2020-003141 // CNNVD: CNNVD-202003-1144 // NVD: CVE-2020-1795

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-003141 // NVD: CVE-2020-1795

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1144

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003141

PATCH
title:huawei-sa-20200318-04-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-04-smartphone-en
Trust: 0.8
title:Patch for Huawei Mate 20 and Mate 30 Pro logic error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213047
Trust: 0.6
title:Huawei Mate 20  and Mate 30 Pro Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112622
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21999 // 
            
            
            
            JVNDB: JVNDB-2020-003141 // 
            
            
            
            CNNVD: CNNVD-202003-1144

EXTERNAL IDS
db:NVDid:CVE-2020-1795
Trust: 3.0
db:JVNDBid:JVNDB-2020-003141
Trust: 0.8
db:CNVDid:CNVD-2020-21999
Trust: 0.6
db:CNNVDid:CNNVD-202003-1144
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21999 // 
            
            
            
            JVNDB: JVNDB-2020-003141 // 
            
            
            
            CNNVD: CNNVD-202003-1144 // 
            
            
            
            NVD: CVE-2020-1795

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-1795
Trust: 2.0
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-04-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1795
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200318-04-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21999 // 
            
            
            
            JVNDB: JVNDB-2020-003141 // 
            
            
            
            CNNVD: CNNVD-202003-1144 // 
            
            
            
            NVD: CVE-2020-1795

SOURCES
db:CNVDid:CNVD-2020-21999
db:JVNDBid:JVNDB-2020-003141
db:CNNVDid:CNNVD-202003-1144
db:NVDid:CVE-2020-1795

LAST UPDATE DATE
2024-11-23T22:05:46.358000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-21999date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003141date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-1144date:2020-03-25T00:00:00
db:NVDid:CVE-2020-1795date:2024-11-21T05:11:23.733

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-21999date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003141date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-1144date:2020-03-18T00:00:00
db:NVDid:CVE-2020-1795date:2020-03-20T15:15:14.027