ID

VAR-202008-1048


CVE

CVE-2020-9244


TITLE

plural  Huawei  Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-009253

DESCRIPTION

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged. plural Huawei There is an authentication vulnerability in smartphones.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. Huawei Mate 20, Mate 20 Pro, Mate 20 X and Mate 20 RS are all smart phones of China's Huawei (Huawei) company. There are security vulnerabilities in many Huawei products, which are caused by the program's failure to correctly sign encrypted files. Attackers can use this vulnerability to forge files

Trust: 2.16

sources: NVD: CVE-2020-9244 // JVNDB: JVNDB-2020-009253 // CNVD: CNVD-2020-46459

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46459

AFFECTED PRODUCTS

vendor:huaweimodel:mate pro <10.1.0.270scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:honor v20scope:ltversion:10.0.0.188\(c00e62r2p11\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.194\(c00e62r8p12\)

Trust: 1.0

vendor:huaweimodel:p30scope:ltversion:10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:10.0.0.175\(c00e58r4p11\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:10.1.0.160\(c00e160r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20 rsscope:ltversion:10.1.0.160\(c786e160r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20 proscope:ltversion:10.1.0.270\(c431e7r1p5\)

Trust: 1.0

vendor:huaweimodel:mate 20 proscope:ltversion:10.1.0.273\(c636e7r2p4\)

Trust: 1.0

vendor:huaweimodel:mate 20 xscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:honor magic 2scope:ltversion:10.0.0.187\(c00e61r2p11\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:mate 20 proscope:ltversion:10.1.0.270\(c635e3r1p5\)

Trust: 1.0

vendor:huaweimodel:honor 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 20 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor magic 2scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor v20scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20 rsscope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20 xscope: - version: -

Trust: 0.8

vendor:huaweimodel:p30scope: - version: -

Trust: 0.8

vendor:huaweimodel:p30 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:mate <10.1.0.160scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:mate pro <10.1.0.273scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:mate <10.1.0.160scope:eqversion:20x

Trust: 0.6

vendor:huaweimodel:p30 <10.1.0.160scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <10.1.0.160scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate rs <10.1.0.160scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honormagic <10.0.0.187scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:honor <10.0.0.175scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor pro <10.0.0.194scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honorv20 <10.0.0.188scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-46459 // JVNDB: JVNDB-2020-009253 // NVD: CVE-2020-9244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9244
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9244
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-46459
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-580
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9244
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-46459
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9244
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9244
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46459 // JVNDB: JVNDB-2020-009253 // CNNVD: CNNVD-202008-580 // NVD: CVE-2020-9244

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-009253 // NVD: CVE-2020-9244

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202008-580

PATCH

title:huawei-sa-20200805-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en

Trust: 0.8

title:Patch for Incorrect authentication vulnerabilities in multiple Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/230800

Trust: 0.6

title:Multiple Huawei Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126447

Trust: 0.6

sources: CNVD: CNVD-2020-46459 // JVNDB: JVNDB-2020-009253 // CNNVD: CNNVD-202008-580

EXTERNAL IDS

db:NVDid:CVE-2020-9244

Trust: 3.0

db:JVNDBid:JVNDB-2020-009253

Trust: 0.8

db:CNVDid:CNVD-2020-46459

Trust: 0.6

db:CNNVDid:CNNVD-202008-580

Trust: 0.6

sources: CNVD: CNVD-2020-46459 // JVNDB: JVNDB-2020-009253 // CNNVD: CNNVD-202008-580 // NVD: CVE-2020-9244

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9244

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200805-02-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2020-46459 // JVNDB: JVNDB-2020-009253 // CNNVD: CNNVD-202008-580 // NVD: CVE-2020-9244

SOURCES

db:CNVDid:CNVD-2020-46459
db:JVNDBid:JVNDB-2020-009253
db:CNNVDid:CNNVD-202008-580
db:NVDid:CVE-2020-9244

LAST UPDATE DATE

2024-11-23T22:58:10.110000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-46459date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009253date:2020-10-26T08:31:00
db:CNNVDid:CNNVD-202008-580date:2021-01-05T00:00:00
db:NVDid:CVE-2020-9244date:2024-11-21T05:40:15.390

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-46459date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009253date:2020-10-26T00:00:00
db:CNNVDid:CNNVD-202008-580date:2020-08-11T00:00:00
db:NVDid:CVE-2020-9244date:2020-08-11T19:15:17.687