ID

VAR-202009-1317


CVE

CVE-2020-9235


TITLE

Huawei Honor 20 PRO information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-52402 // CNNVD: CNNVD-202009-252

DESCRIPTION

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Huawei smartphone HONOR 20 PRO Contains an information disclosure vulnerability.Information may be obtained. Huawei Honor V20 is a smart phone of China's Huawei (Huawei) company

Trust: 2.16

sources: NVD: CVE-2020-9235 // JVNDB: JVNDB-2020-010696 // CNVD: CNVD-2020-52402

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52402

AFFECTED PRODUCTS

vendor:huaweimodel:honor pro <10.1.0.231scope:eqversion:20

Trust: 1.8

vendor:huaweimodel:honor pro <10.1.0.160scope:eqversion:20

Trust: 1.8

vendor:huaweimodel:honor pro <10.1.0.212scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:honor pro <10.1.0.214scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:honor pro <10.1.0.225scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:honor view 20scope:ltversion:10.1.0.213\(c636e3r4p3\)

Trust: 1.0

vendor:huaweimodel:yale-l21ascope:ltversion:10.1.0.231\(c10e3r3p2\)

Trust: 1.0

vendor:huaweimodel:yale-l21ascope:ltversion:10.1.0.231\(c636e3r3p1\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.1.0.231\(c10e3r3p2\)

Trust: 1.0

vendor:huaweimodel:yale-al00ascope:ltversion:10.1.0.160\(c00e160r8p12\)

Trust: 1.0

vendor:huaweimodel:yale-l61ascope:ltversion:10.1.0.225\(c431e3r1p2\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.1.0.212\(c432e10r3p4\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.1.0.231\(c636e3r3p1\)

Trust: 1.0

vendor:huaweimodel:princeton-al10bscope:ltversion:10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor:huaweimodel:princeton-tl10cscope:ltversion:10.1.0.160\(c01e160r2p11\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.1.0.214\(c10e5r4p3\)

Trust: 1.0

vendor:huaweimodel:yale-l21ascope:ltversion:10.1.0.230\(c432e9r5p1\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.1.0.230\(c432e9r5p1\)

Trust: 1.0

vendor:huaweimodel:tony-al00bscope:ltversion:10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor:huaweimodel:princeton-al10dscope:ltversion:10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.1.0.231\(c185e3r5p1\)

Trust: 1.0

vendor:huaweimodel:oxfords-an00ascope:ltversion:10.1.0.212\(c00e210r5p1\)

Trust: 1.0

vendor:huaweimodel:yale-l61ascope:ltversion:10.1.0.225\(c432e3r1p2\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.1.0.214\(c185e3r3p3\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor view 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:oxfords-an00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:princeton-al10bscope: - version: -

Trust: 0.8

vendor:huaweimodel:princeton-al10dscope: - version: -

Trust: 0.8

vendor:huaweimodel:princeton-tl10cscope: - version: -

Trust: 0.8

vendor:huaweimodel:tony-al00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:yale-al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:yale-l21ascope: - version: -

Trust: 0.8

vendor:huaweimodel:yale-l61ascope: - version: -

Trust: 0.8

vendor:huaweimodel:honor pro <10.1.0.230scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor pro <10.1.0.213scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2020-52402 // JVNDB: JVNDB-2020-010696 // NVD: CVE-2020-9235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9235
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9235
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-52402
value: LOW

Trust: 0.6

CNNVD: CNNVD-202009-252
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9235
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-52402
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9235
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9235
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52402 // JVNDB: JVNDB-2020-010696 // CNNVD: CNNVD-202009-252 // NVD: CVE-2020-9235

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010696 // NVD: CVE-2020-9235

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-252

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202009-252

PATCH

title:huawei-sa-20200902-07-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en

Trust: 0.8

title:Patch for Huawei Honor 20 PRO information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/234328

Trust: 0.6

title:HUAWEI HONOR 20 PRO Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127436

Trust: 0.6

sources: CNVD: CNVD-2020-52402 // JVNDB: JVNDB-2020-010696 // CNNVD: CNNVD-202009-252

EXTERNAL IDS

db:NVDid:CVE-2020-9235

Trust: 3.0

db:JVNDBid:JVNDB-2020-010696

Trust: 0.8

db:CNVDid:CNVD-2020-52402

Trust: 0.6

db:CNNVDid:CNNVD-202009-252

Trust: 0.6

sources: CNVD: CNVD-2020-52402 // JVNDB: JVNDB-2020-010696 // CNNVD: CNNVD-202009-252 // NVD: CVE-2020-9235

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9235

Trust: 1.4

sources: CNVD: CNVD-2020-52402 // JVNDB: JVNDB-2020-010696 // CNNVD: CNNVD-202009-252 // NVD: CVE-2020-9235

SOURCES

db:CNVDid:CNVD-2020-52402
db:JVNDBid:JVNDB-2020-010696
db:CNNVDid:CNNVD-202009-252
db:NVDid:CVE-2020-9235

LAST UPDATE DATE

2024-11-23T22:11:19.159000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-52402date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-010696date:2021-02-01T08:35:00
db:CNNVDid:CNNVD-202009-252date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9235date:2024-11-21T05:40:12.693

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-52402date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-010696date:2021-02-01T00:00:00
db:CNNVDid:CNNVD-202009-252date:2020-09-03T00:00:00
db:NVDid:CVE-2020-9235date:2020-09-03T19:15:12.417