Details of VAR-202007-1269

ID

VAR-202007-1269

CVE

CVE-2020-9258

TITLE

HUAWEI P30 Vulnerability related to information leakage in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-007665

DESCRIPTION

HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak. HUAWEI P30 Smartphones contain vulnerabilities related to information leakage.Information may be obtained. Huawei P30 is a smart phone of China's Huawei (Huawei) company

Trust: 2.16

sources: NVD: CVE-2020-9258 // JVNDB: JVNDB-2020-007665 // CNVD: CNVD-2020-51518

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-51518

AFFECTED PRODUCTS

vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.135\(c00e135r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.135(c00e135r2p11)	Trust: 0.8
vendor:	huawei	model:	p30 <10.1.0.135	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-51518 // JVNDB: JVNDB-2020-007665 // NVD: CVE-2020-9258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9258
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-007665
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-51518
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202007-383
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9258
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-007665
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-51518
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9258
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-007665
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-51518 // JVNDB: JVNDB-2020-007665 // CNNVD: CNNVD-202007-383 // NVD: CVE-2020-9258

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2020-007665 // NVD: CVE-2020-9258

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-383

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202007-383

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007665

PATCH

title:	huawei-sa-20200708-02-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200708-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei P30 information disclosure vulnerability (CNVD-2020-51518)	url:	https://www.cnvd.org.cn/patchInfo/show/233260	Trust: 0.6
title:	Huawei P30 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124083	Trust: 0.6

sources: CNVD: CNVD-2020-51518 // JVNDB: JVNDB-2020-007665 // CNNVD: CNNVD-202007-383

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9258	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-007665	Trust: 0.8
db:	CNVD	id:	CNVD-2020-51518	Trust: 0.6
db:	NSFOCUS	id:	48056	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-383	Trust: 0.6

sources: CNVD: CNVD-2020-51518 // JVNDB: JVNDB-2020-007665 // CNNVD: CNNVD-202007-383 // NVD: CVE-2020-9258

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9258	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200708-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9258	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200708-02-smartphone-cn	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48056	Trust: 0.6

sources: CNVD: CNVD-2020-51518 // JVNDB: JVNDB-2020-007665 // CNNVD: CNNVD-202007-383 // NVD: CVE-2020-9258

SOURCES

db:	CNVD	id:	CNVD-2020-51518
db:	JVNDB	id:	JVNDB-2020-007665
db:	CNNVD	id:	CNNVD-202007-383
db:	NVD	id:	CVE-2020-9258

LAST UPDATE DATE

2024-11-23T22:11:25.971000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-51518	date:	2020-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-007665	date:	2020-08-20T00:00:00
db:	CNNVD	id:	CNNVD-202007-383	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2020-9258	date:	2024-11-21T05:40:17.307

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-51518	date:	2020-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-007665	date:	2020-08-20T00:00:00
db:	CNNVD	id:	CNNVD-202007-383	date:	2020-07-08T00:00:00
db:	NVD	id:	CVE-2020-9258	date:	2020-07-10T14:15:10.657