Details of VAR-202007-1267

ID

VAR-202007-1267

CVE

CVE-2020-9256

TITLE

Huawei Mate 30 Pro Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-008282

DESCRIPTION

Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service. Huawei Mate 30 Pro There are unspecified vulnerabilities in smartphones.Service operation interruption (DoS) It may be put into a state. Huawei Mate 30 Pro is a smart phone of China's Huawei (Huawei) company. The vulnerability is caused by the program's failure to properly restrict the application's use of system services

Trust: 2.16

sources: NVD: CVE-2020-9256 // JVNDB: JVNDB-2020-008282 // CNVD: CNVD-2020-46472

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-46472

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30 pro	scope:	lt	version:	10.1.0.150\(c00e136r5p3\)	Trust: 1.0
vendor:	huawei	model:	mate 30 pro	scope:	eq	version:	10.1.0.150(c00e136r5p3)	Trust: 0.8
vendor:	huawei	model:	mate pro <10.1.0.150	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2020-46472 // JVNDB: JVNDB-2020-008282 // NVD: CVE-2020-9256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9256
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-008282
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-46472
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202007-1092
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9256
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008282
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-46472
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9256
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-008282
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-46472 // JVNDB: JVNDB-2020-008282 // CNNVD: CNNVD-202007-1092 // NVD: CVE-2020-9256

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-9256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1092

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1092

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008282

PATCH

title:	huawei-sa-20200715-05-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-05-smartphone-en	Trust: 0.8
title:	Patch for Huawei Mate 30 Pro improper authorization vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/230845	Trust: 0.6
title:	Huawei Mate 30 Pro Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124915	Trust: 0.6

sources: CNVD: CNVD-2020-46472 // JVNDB: JVNDB-2020-008282 // CNNVD: CNNVD-202007-1092

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9256	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-008282	Trust: 0.8
db:	CNVD	id:	CNVD-2020-46472	Trust: 0.6
db:	NSFOCUS	id:	49423	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1092	Trust: 0.6

sources: CNVD: CNVD-2020-46472 // JVNDB: JVNDB-2020-008282 // CNNVD: CNNVD-202007-1092 // NVD: CVE-2020-9256

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-05-smartphone-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9256	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-05-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9256	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/49423	Trust: 0.6

sources: CNVD: CNVD-2020-46472 // JVNDB: JVNDB-2020-008282 // CNNVD: CNNVD-202007-1092 // NVD: CVE-2020-9256

SOURCES

db:	CNVD	id:	CNVD-2020-46472
db:	JVNDB	id:	JVNDB-2020-008282
db:	CNNVD	id:	CNNVD-202007-1092
db:	NVD	id:	CVE-2020-9256

LAST UPDATE DATE

2024-11-23T23:04:17.683000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-46472	date:	2020-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008282	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1092	date:	2020-10-12T00:00:00
db:	NVD	id:	CVE-2020-9256	date:	2024-11-21T05:40:17.043

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-46472	date:	2020-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008282	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1092	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-9256	date:	2020-07-18T01:16:35.427