Details of VAR-202006-1059

ID

VAR-202006-1059

CVE

CVE-2020-1835

TITLE

Huawei Mate 30 information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-52415 // CNNVD: CNNVD-202006-1203

DESCRIPTION

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company. The vulnerability is caused by the system's failure to connect to Bluetooth correctly

Trust: 2.16

sources: NVD: CVE-2020-1835 // JVNDB: JVNDB-2020-006751 // CNVD: CNVD-2020-52415

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-52415

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30	scope:	lt	version:	10.1.0.126\(c00e125r5p3\)	Trust: 1.0
vendor:	huawei	model:	mate 30	scope:	eq	version:	10.1.0.126(c00e125r5p3)	Trust: 0.8
vendor:	huawei	model:	mate <10.1.0.126	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2020-52415 // JVNDB: JVNDB-2020-006751 // NVD: CVE-2020-1835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1835
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-006751
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-52415
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202006-1203
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1835
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006751
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-52415
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1835
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006751
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-52415 // JVNDB: JVNDB-2020-006751 // CNNVD: CNNVD-202006-1203 // NVD: CVE-2020-1835

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2020-006751 // NVD: CVE-2020-1835

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1203

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1203

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006751

PATCH

title:	huawei-sa-20200617-02-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei Mate 30 information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/234433	Trust: 0.6
title:	Huawei Mate 30 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122561	Trust: 0.6

sources: CNVD: CNVD-2020-52415 // JVNDB: JVNDB-2020-006751 // CNNVD: CNNVD-202006-1203

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1835	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006751	Trust: 0.8
db:	CNVD	id:	CNVD-2020-52415	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1203	Trust: 0.6

sources: CNVD: CNVD-2020-52415 // JVNDB: JVNDB-2020-006751 // CNNVD: CNNVD-202006-1203 // NVD: CVE-2020-1835

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-1835	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1835	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200617-02-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2020-52415 // JVNDB: JVNDB-2020-006751 // CNNVD: CNNVD-202006-1203 // NVD: CVE-2020-1835

SOURCES

db:	CNVD	id:	CNVD-2020-52415
db:	JVNDB	id:	JVNDB-2020-006751
db:	CNNVD	id:	CNNVD-202006-1203
db:	NVD	id:	CVE-2020-1835

LAST UPDATE DATE

2024-11-23T22:29:35.821000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-52415	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-006751	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1203	date:	2020-07-09T00:00:00
db:	NVD	id:	CVE-2020-1835	date:	2024-11-21T05:11:27.693

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-52415	date:	2020-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-006751	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1203	date:	2020-06-17T00:00:00
db:	NVD	id:	CVE-2020-1835	date:	2020-06-18T14:15:11.263