Sign-up

ID

VAR-202004-0955


CVE

CVE-2020-1801


TITLE

Mate 30 Pro and Mate 30 Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003980

DESCRIPTION

There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2). Mate 30 Pro and Mate 30 There is an information leakage vulnerability in.Information may be obtained. In the specific scenario of sharing files, some of the functional interfaces in the system are not The caller is fully authenticated

Trust: 2.16

sources: NVD: CVE-2020-1801 // JVNDB: JVNDB-2020-003980 // CNVD: CNVD-2020-22206

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22206

AFFECTED PRODUCTS

vendor:huaweimodel:mate 30 proscope:ltversion:10.0.0.205\(c00e202r7p2\)

Trust: 1.0

vendor:huaweimodel:mate 30scope:ltversion:10.0.0.205\(c00e201r7p2\)

Trust: 1.0

vendor:huaweimodel:mate 30 proscope:eqversion:10.0.0.205(c00e202r7p2)

Trust: 0.8

vendor:huaweimodel:mate 30scope:eqversion:10.0.0.205(c00e202r7p2)

Trust: 0.8

vendor:huaweimodel:mate pro <10.0.0.205scope:eqversion:30

Trust: 0.6

vendor:huaweimodel:mate <10.0.0.205scope:eqversion:30

Trust: 0.6

sources: CNVD: CNVD-2020-22206 // JVNDB: JVNDB-2020-003980 // NVD: CVE-2020-1801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1801
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003980
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-22206
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-535
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1801
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003980
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22206
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1801
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003980
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22206 // JVNDB: JVNDB-2020-003980 // CNNVD: CNNVD-202004-535 // NVD: CVE-2020-1801

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-003980 // NVD: CVE-2020-1801

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-535

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-535

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003980

PATCH
title:huawei-sa-20200408-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en
Trust: 0.8
title:Patch for Huawei Mate 30 Pro and Huawei Mate 30 authorization issue vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/213191
Trust: 0.6
title:Huawei Mate 30 Pro  and Huawei Mate 30 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115735
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22206 // 
            
            
            
            JVNDB: JVNDB-2020-003980 // 
            
            
            
            CNNVD: CNNVD-202004-535

EXTERNAL IDS
db:NVDid:CVE-2020-1801
Trust: 3.0
db:JVNDBid:JVNDB-2020-003980
Trust: 0.8
db:CNVDid:CNVD-2020-22206
Trust: 0.6
db:CNNVDid:CNNVD-202004-535
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22206 // 
            
            
            
            JVNDB: JVNDB-2020-003980 // 
            
            
            
            CNNVD: CNNVD-202004-535 // 
            
            
            
            NVD: CVE-2020-1801

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-1801
Trust: 2.0
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1801
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200408-01-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22206 // 
            
            
            
            JVNDB: JVNDB-2020-003980 // 
            
            
            
            CNNVD: CNNVD-202004-535 // 
            
            
            
            NVD: CVE-2020-1801

SOURCES
db:CNVDid:CNVD-2020-22206
db:JVNDBid:JVNDB-2020-003980
db:CNNVDid:CNNVD-202004-535
db:NVDid:CVE-2020-1801

LAST UPDATE DATE
2024-11-23T22:41:07.094000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22206date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003980date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-535date:2020-04-14T00:00:00
db:NVDid:CVE-2020-1801date:2024-11-21T05:11:24.390

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22206date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003980date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-535date:2020-04-08T00:00:00
db:NVDid:CVE-2020-1801date:2020-04-10T15:15:12.880