ID

VAR-202010-1173


CVE

CVE-2020-9109


TITLE

plural  Huawei  Insufficient verification vulnerability in data reliability in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2020-012335

DESCRIPTION

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). plural Huawei Smartphone products contain vulnerabilities related to inadequate verification of data reliability.Information may be obtained. Huawei P30 Pro, etc. are all smart phones of China's Huawei (Huawei) company. The vulnerability stems from insufficient verification of the identity of the smart wearable device in a specific scenario. The attacker needs to obtain specific information in the victim's mobile phone before launching an attack

Trust: 2.25

sources: NVD: CVE-2020-9109 // JVNDB: JVNDB-2020-012335 // CNVD: CNVD-2020-68354 // VULMON: CVE-2020-9109

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-68354

AFFECTED PRODUCTS

vendor:huaweimodel:mate <10.1.0.160scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:mate <10.1.0.160scope:eqversion:20x

Trust: 1.2

vendor:huaweimodel:tony-al00bscope:ltversion:10.1.0.160\(c00e160r2p11\)

Trust: 1.0

vendor:huaweimodel:mate 20 xscope:ltversion:10.1.0.160\(c01e160r2p8\)

Trust: 1.0

vendor:huaweimodel:tony-tl00bscope:ltversion:10.1.0.160\(c01e160r2p11\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:10.1.0.160\(c00e160r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:10.1.0.160\(c01e160r2p8\)

Trust: 1.0

vendor:huaweimodel:laya-al00epscope:ltversion:10.1.0.160\(c786e160r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20 xscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:10.1.0.160\(c00e160r2p8\)

Trust: 1.0

vendor:huaweimodel:laya-al00epscope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20 xscope: - version: -

Trust: 0.8

vendor:huaweimodel:p30 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:tony-al00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:tony-tl00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:p30 pro <10.1.0.160scope: - version: -

Trust: 0.6

vendor:huaweimodel:laya-al00ep <10.1.0.160scope: - version: -

Trust: 0.6

vendor:huaweimodel:tony-al00b <10.1.0.160scope: - version: -

Trust: 0.6

vendor:huaweimodel:tony-tl00b <10.1.0.160scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-68354 // JVNDB: JVNDB-2020-012335 // NVD: CVE-2020-9109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9109
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9109
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-68354
value: LOW

Trust: 0.6

CNNVD: CNNVD-202009-1687
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-9109
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-9109
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-68354
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9109
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9109
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-68354 // VULMON: CVE-2020-9109 // JVNDB: JVNDB-2020-012335 // CNNVD: CNNVD-202009-1687 // NVD: CVE-2020-9109

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inadequate verification of data reliability (CWE-345) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012335 // NVD: CVE-2020-9109

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202009-1687

PATCH

title:huawei-sa-20200930-01-dosurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en

Trust: 0.8

title:Patch for Information Disclosure Vulnerabilities in Multiple Huawei Products (CNVD-2020-68354)url:https://www.cnvd.org.cn/patchInfo/show/241534

Trust: 0.6

title:HUAWEI Mate 20 and HUAWEI Mate 20 X and HUAWEI P30 Pro and HUAWEI Mate 20 RS And glory Magic2 Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131165

Trust: 0.6

sources: CNVD: CNVD-2020-68354 // JVNDB: JVNDB-2020-012335 // CNNVD: CNNVD-202009-1687

EXTERNAL IDS

db:NVDid:CVE-2020-9109

Trust: 3.1

db:JVNDBid:JVNDB-2020-012335

Trust: 0.8

db:CNVDid:CNVD-2020-68354

Trust: 0.6

db:CNNVDid:CNNVD-202009-1687

Trust: 0.6

db:VULMONid:CVE-2020-9109

Trust: 0.1

sources: CNVD: CNVD-2020-68354 // VULMON: CVE-2020-9109 // JVNDB: JVNDB-2020-012335 // CNNVD: CNNVD-202009-1687 // NVD: CVE-2020-9109

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9109

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-dos-cn

Trust: 1.2

url:https://cwe.mitre.org/data/definitions/345.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189257

Trust: 0.1

sources: CNVD: CNVD-2020-68354 // VULMON: CVE-2020-9109 // JVNDB: JVNDB-2020-012335 // CNNVD: CNNVD-202009-1687 // NVD: CVE-2020-9109

SOURCES

db:CNVDid:CNVD-2020-68354
db:VULMONid:CVE-2020-9109
db:JVNDBid:JVNDB-2020-012335
db:CNNVDid:CNNVD-202009-1687
db:NVDid:CVE-2020-9109

LAST UPDATE DATE

2024-11-23T23:11:15.887000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-68354date:2020-12-02T00:00:00
db:VULMONid:CVE-2020-9109date:2020-10-20T00:00:00
db:JVNDBid:JVNDB-2020-012335date:2021-04-30T07:13:00
db:CNNVDid:CNNVD-202009-1687date:2020-10-21T00:00:00
db:NVDid:CVE-2020-9109date:2024-11-21T05:40:03.407

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-68354date:2020-12-02T00:00:00
db:VULMONid:CVE-2020-9109date:2020-10-12T00:00:00
db:JVNDBid:JVNDB-2020-012335date:2021-04-30T00:00:00
db:CNNVDid:CNNVD-202009-1687date:2020-09-30T00:00:00
db:NVDid:CVE-2020-9109date:2020-10-12T14:15:14.340