ID

VAR-202005-0624


CVE

CVE-2020-1808


TITLE

plural Huawei Out-of-bounds read vulnerabilities on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-005501

DESCRIPTION

Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. plural Huawei Smartphones contain an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Huawei Honor Magic 2 and others are all smartphones of the Chinese company Huawei. There are security holes in many Huawei products. Huawei Smartphones could allow a remote malicious user to obtain sensitive information, caused by an out-of-bound read vulnerability

Trust: 2.25

sources: NVD: CVE-2020-1808 // JVNDB: JVNDB-2020-005501 // CNVD: CNVD-2020-28976 // VULMON: CVE-2020-1808

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28976

AFFECTED PRODUCTS

vendor:huaweimodel:honor view <=10.0.0.180scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:honor magic2scope:ltversion:10.0.0.176\(c00e60r2p11\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.188\(c00e62r2p11\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:10.0.0.187\(c00e60r4p11\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.180\(c432e10r3p4\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.179\(c636e3r4p3\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.187\(c00e60r4p11\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.180\(c185e3r3p3\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor magic2scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor view 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor view <=10.0.0.179scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor view <=10.0.0.188scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor 20s <=10.0.0.187scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor pro <=10.0.0.187scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor magic2 <=10.0.0.176scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-28976 // JVNDB: JVNDB-2020-005501 // NVD: CVE-2020-1808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1808
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005501
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-28976
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-773
value: HIGH

Trust: 0.6

VULMON: CVE-2020-1808
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1808
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005501
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28976
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1808
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005501
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28976 // VULMON: CVE-2020-1808 // JVNDB: JVNDB-2020-005501 // CNNVD: CNNVD-202005-773 // NVD: CVE-2020-1808

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-005501 // NVD: CVE-2020-1808

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-773

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-773

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005501

PATCH

title:huawei-sa-20200513-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-en

Trust: 0.8

title:Patch for Multiple Huawei product cross-border reading vulnerabilities (CNVD-2020-28976)url:https://www.cnvd.org.cn/patchInfo/show/217949

Trust: 0.6

title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119100

Trust: 0.6

title:Huawei Security Advisories: Security Advisory - Out of Bounds Read Vulnerability in Several Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=ecabe2836d21a692fcba28d252a0cff2

Trust: 0.1

sources: CNVD: CNVD-2020-28976 // VULMON: CVE-2020-1808 // JVNDB: JVNDB-2020-005501 // CNNVD: CNNVD-202005-773

EXTERNAL IDS

db:NVDid:CVE-2020-1808

Trust: 3.1

db:JVNDBid:JVNDB-2020-005501

Trust: 0.8

db:CNVDid:CNVD-2020-28976

Trust: 0.6

db:CNNVDid:CNNVD-202005-773

Trust: 0.6

db:VULMONid:CVE-2020-1808

Trust: 0.1

sources: CNVD: CNVD-2020-28976 // VULMON: CVE-2020-1808 // JVNDB: JVNDB-2020-005501 // CNNVD: CNNVD-202005-773 // NVD: CVE-2020-1808

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-en

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1808

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200513-02-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1808

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181882

Trust: 0.1

sources: CNVD: CNVD-2020-28976 // VULMON: CVE-2020-1808 // JVNDB: JVNDB-2020-005501 // CNNVD: CNNVD-202005-773 // NVD: CVE-2020-1808

SOURCES

db:CNVDid:CNVD-2020-28976
db:VULMONid:CVE-2020-1808
db:JVNDBid:JVNDB-2020-005501
db:CNNVDid:CNNVD-202005-773
db:NVDid:CVE-2020-1808

LAST UPDATE DATE

2024-11-23T22:29:37.623000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-28976date:2020-05-19T00:00:00
db:VULMONid:CVE-2020-1808date:2020-07-27T00:00:00
db:JVNDBid:JVNDB-2020-005501date:2020-06-16T00:00:00
db:CNNVDid:CNNVD-202005-773date:2020-05-22T00:00:00
db:NVDid:CVE-2020-1808date:2024-11-21T05:11:25.210

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-28976date:2020-05-19T00:00:00
db:VULMONid:CVE-2020-1808date:2020-05-15T00:00:00
db:JVNDBid:JVNDB-2020-005501date:2020-06-16T00:00:00
db:CNNVDid:CNNVD-202005-773date:2020-05-13T00:00:00
db:NVDid:CVE-2020-1808date:2020-05-15T14:15:11.810