ID

VAR-202004-0957


CVE

CVE-2020-1803


TITLE

Huawei smartphone Honor V20 Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004554

DESCRIPTION

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. Huawei Honor V20 is a smart phone of China's Huawei company

Trust: 2.16

sources: NVD: CVE-2020-1803 // JVNDB: JVNDB-2020-004554 // CNVD: CNVD-2020-27123

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27123

AFFECTED PRODUCTS

vendor:huaweimodel:honor <10.0.0.180scope:eqversion:v20

Trust: 1.2

vendor:huaweimodel:honor v20scope:ltversion:10.0.0.180\(c185e3r3p3\)

Trust: 1.0

vendor:huaweimodel:honor v20scope:ltversion:10.0.0.180\(c432e10r3p4\)

Trust: 1.0

vendor:huaweimodel:honor v20scope:ltversion:10.0.0.179\(c636e3r4p3\)

Trust: 1.0

vendor:huaweimodel:honor v20scope:eqversion:10.0.0.179(c636e3r4p3)

Trust: 0.8

vendor:huaweimodel:honor v20scope:eqversion:10.0.0.180(c185e3r3p3)

Trust: 0.8

vendor:huaweimodel:honor v20scope:eqversion:10.0.0.180(c432e10r3p4)

Trust: 0.8

vendor:huaweimodel:honor <10.0.0.179scope:eqversion:v20

Trust: 0.6

sources: CNVD: CNVD-2020-27123 // JVNDB: JVNDB-2020-004554 // NVD: CVE-2020-1803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1803
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004554
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-27123
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1131
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1803
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004554
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27123
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1803
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004554
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27123 // JVNDB: JVNDB-2020-004554 // CNNVD: CNNVD-202004-1131 // NVD: CVE-2020-1803

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-004554 // NVD: CVE-2020-1803

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1131

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1131

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004554

PATCH

title:huawei-sa-20200415-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-smartphone-en

Trust: 0.8

title:Patch for Huawei Honor V20 Information Disclosure Vulnerability (CNVD-2020-27123)url:https://www.cnvd.org.cn/patchInfo/show/216747

Trust: 0.6

title:Huawei Honor V20 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116459

Trust: 0.6

sources: CNVD: CNVD-2020-27123 // JVNDB: JVNDB-2020-004554 // CNNVD: CNNVD-202004-1131

EXTERNAL IDS

db:NVDid:CVE-2020-1803

Trust: 3.0

db:JVNDBid:JVNDB-2020-004554

Trust: 0.8

db:CNVDid:CNVD-2020-27123

Trust: 0.6

db:CNNVDid:CNNVD-202004-1131

Trust: 0.6

sources: CNVD: CNVD-2020-27123 // JVNDB: JVNDB-2020-004554 // CNNVD: CNNVD-202004-1131 // NVD: CVE-2020-1803

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-smartphone-en

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1803

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1803

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200415-02-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2020-27123 // JVNDB: JVNDB-2020-004554 // CNNVD: CNNVD-202004-1131 // NVD: CVE-2020-1803

SOURCES

db:CNVDid:CNVD-2020-27123
db:JVNDBid:JVNDB-2020-004554
db:CNNVDid:CNNVD-202004-1131
db:NVDid:CVE-2020-1803

LAST UPDATE DATE

2024-11-23T21:51:35.010000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27123date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-004554date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1131date:2020-09-03T00:00:00
db:NVDid:CVE-2020-1803date:2024-11-21T05:11:24.603

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27123date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-004554date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1131date:2020-04-15T00:00:00
db:NVDid:CVE-2020-1803date:2020-04-20T20:15:11.760