ID

VAR-202005-0618


CVE

CVE-2020-1797


TITLE

HUAWEI Mate 20 Unauthorized authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-005917

DESCRIPTION

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function. Huawei Mate 20 is a smart phone of the Chinese company Huawei. Attackers can use this vulnerability to break through the restrictions on the healthy use of mobile phone functions

Trust: 2.16

sources: NVD: CVE-2020-1797 // JVNDB: JVNDB-2020-005917 // CNVD: CNVD-2020-31280

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31280

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20scope:ltversion:10.0.0.185\(c00e74r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion:10.0.0.185(c00e74r3p8)

Trust: 0.8

vendor:huaweimodel:mate <10.0.0.185scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2020-31280 // JVNDB: JVNDB-2020-005917 // NVD: CVE-2020-1797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1797
value: LOW

Trust: 1.0

NVD: JVNDB-2020-005917
value: LOW

Trust: 0.8

CNVD: CNVD-2020-31280
value: LOW

Trust: 0.6

CNNVD: CNNVD-202005-1350
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1797
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005917
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31280
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1797
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005917
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31280 // JVNDB: JVNDB-2020-005917 // CNNVD: CNNVD-202005-1350 // NVD: CVE-2020-1797

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2020-005917 // NVD: CVE-2020-1797

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202005-1350

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005917

PATCH

title:huawei-sa-20200527-03-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en

Trust: 0.8

title:Patch for Huawei Mate 20 authorization issue vulnerability (CNVD-2020-31280)url:https://www.cnvd.org.cn/patchInfo/show/220047

Trust: 0.6

title:Huawei Mate 20 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119907

Trust: 0.6

sources: CNVD: CNVD-2020-31280 // JVNDB: JVNDB-2020-005917 // CNNVD: CNNVD-202005-1350

EXTERNAL IDS

db:NVDid:CVE-2020-1797

Trust: 3.0

db:JVNDBid:JVNDB-2020-005917

Trust: 0.8

db:CNVDid:CNVD-2020-31280

Trust: 0.6

db:CNNVDid:CNNVD-202005-1350

Trust: 0.6

sources: CNVD: CNVD-2020-31280 // JVNDB: JVNDB-2020-005917 // CNNVD: CNNVD-202005-1350 // NVD: CVE-2020-1797

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1797

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1797

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200527-03-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2020-31280 // JVNDB: JVNDB-2020-005917 // CNNVD: CNNVD-202005-1350 // NVD: CVE-2020-1797

SOURCES

db:CNVDid:CNVD-2020-31280
db:JVNDBid:JVNDB-2020-005917
db:CNNVDid:CNNVD-202005-1350
db:NVDid:CVE-2020-1797

LAST UPDATE DATE

2024-11-23T22:44:35.029000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-31280date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-005917date:2020-06-25T00:00:00
db:CNNVDid:CNNVD-202005-1350date:2020-06-02T00:00:00
db:NVDid:CVE-2020-1797date:2024-11-21T05:11:23.963

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-31280date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-005917date:2020-06-25T00:00:00
db:CNNVDid:CNNVD-202005-1350date:2020-05-27T00:00:00
db:NVDid:CVE-2020-1797date:2020-05-29T20:15:11.107