ID

VAR-202006-1717


CVE

CVE-2020-9076


TITLE

Authentication vulnerabilities in multiple Huawei smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2020-006781

DESCRIPTION

HUAWEI P30, HUAWEI P30 Pro and Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11), versions earlier than 10.1.0.135(C00E135R2P8), and versions earlier than 10.1.0.135 have an improper authentication vulnerability. Because the identity of the message sender is not properly verified, an attacker can exploit this vulnerability through a man-in-the-middle attack to induce the user to access a malicious URL. An authentication vulnerability exists in HUAWEI P30, P30 Pro and Tony-AL00B. Information may be obtained and tampered with. The Huawei P30 and the other affected models are smartphones made by the Chinese company Huawei.

Trust: 2.16

sources: NVD: CVE-2020-9076 // JVNDB: JVNDB-2020-006781 // CNVD: CNVD-2020-52418

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52418

AFFECTED PRODUCTS

vendor: huawei, model: p30 pro <10.1.0.135, scope: -, version: -

Trust: 1.2

vendor: huawei, model: p30 pro, scope: lt, version: 10.1.0.135\(c01e135r2p8\)

Trust: 1.0

vendor: huawei, model: p30, scope: lt, version: 10.1.0.135\(c00e135r2p11\)

Trust: 1.0

vendor: huawei, model: p30 pro, scope: lt, version: 10.1.0.135\(c00e135r2p8\)

Trust: 1.0

vendor: huawei, model: tony-al00b, scope: lt, version: 10.1.0.137\(c00e137r2p11\)

Trust: 1.0

vendor: huawei, model: p30 pro, scope: -, version: -

Trust: 0.8

vendor: huawei, model: p30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: tony-al00b, scope: -, version: -

Trust: 0.8

vendor: huawei, model: p30 <10.1.0.135, scope: -, version: -

Trust: 0.6

vendor: huawei, model: honor magic2 <10.1.0.137, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-52418 // JVNDB: JVNDB-2020-006781 // NVD: CVE-2020-9076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9076
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006781
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-52418
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-878
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9076
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006781
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52418
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9076
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006781
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52418 // JVNDB: JVNDB-2020-006781 // CNNVD: CNNVD-202006-878 // NVD: CVE-2020-9076

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-006781 // NVD: CVE-2020-9076

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-878

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202006-878

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006781

PATCH

title: huawei-sa-20200610-02-phone, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en

Trust: 0.8

title: Patch for Inappropriate authentication vulnerabilities in multiple Huawei products, url: https://www.cnvd.org.cn/patchInfo/show/234454

Trust: 0.6

title: Multiple Huawei Product Authorization Issue Vulnerability Fixing Measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121108

Trust: 0.6

sources: CNVD: CNVD-2020-52418 // JVNDB: JVNDB-2020-006781 // CNNVD: CNNVD-202006-878

EXTERNAL IDS

db: NVD, id: CVE-2020-9076

Trust: 3.0

db: JVNDB, id: JVNDB-2020-006781

Trust: 0.8

db: CNVD, id: CNVD-2020-52418

Trust: 0.6

db: CNNVD, id: CNNVD-202006-878

Trust: 0.6

sources: CNVD: CNVD-2020-52418 // JVNDB: JVNDB-2020-006781 // CNNVD: CNNVD-202006-878 // NVD: CVE-2020-9076

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9076

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200610-02-phone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9076

Trust: 0.8

sources: CNVD: CNVD-2020-52418 // JVNDB: JVNDB-2020-006781 // CNNVD: CNNVD-202006-878 // NVD: CVE-2020-9076

SOURCES

db: CNVD, id: CNVD-2020-52418
db: JVNDB, id: JVNDB-2020-006781
db: CNNVD, id: CNNVD-202006-878
db: NVD, id: CVE-2020-9076

LAST UPDATE DATE

2024-11-23T23:04:18.727000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-52418, date: 2020-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-006781, date: 2020-07-17T00:00:00
db: CNNVD, id: CNNVD-202006-878, date: 2020-06-22T00:00:00
db: NVD, id: CVE-2020-9076, date: 2024-11-21T05:39:59.047

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-52418, date: 2020-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-006781, date: 2020-07-17T00:00:00
db: CNNVD, id: CNNVD-202006-878, date: 2020-06-10T00:00:00
db: NVD, id: CVE-2020-9076, date: 2020-06-15T16:15:23.270