Details of VAR-202010-1183

ID

VAR-202010-1183

CVE

CVE-2020-9092

TITLE

HUAWEI Mate 20 Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012480

DESCRIPTION

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. HUAWEI Mate 20 Is vulnerable to injection.Information may be tampered with. Huawei Mate 20 is a smartphone of China's Huawei (Huawei) company

Trust: 2.25

sources: NVD: CVE-2020-9092 // JVNDB: JVNDB-2020-012480 // CNVD: CNVD-2020-58217 // VULMON: CVE-2020-9092

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-58217

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 20	scope:	lt	version:	10.1.0.163\(c00e160r3p8\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	mate 20	scope:	lt	version:	mate 20 firmware 10.1.0.163(c00e160r3p8) less than	Trust: 0.8
vendor:	huawei	model:	mate <10.1.0.163	scope:	eq	version:	20	Trust: 0.6

sources: CNVD: CNVD-2020-58217 // JVNDB: JVNDB-2020-012480 // NVD: CVE-2020-9092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9092
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9092
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-58217
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202010-636
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-9092
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-9092
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-58217
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9092
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9092
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-58217 // VULMON: CVE-2020-9092 // JVNDB: JVNDB-2020-012480 // CNNVD: CNNVD-202010-636 // NVD: CVE-2020-9092

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	injection (CWE-74) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012480 // NVD: CVE-2020-9092

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202010-636

PATCH

title:	huawei-sa-20201014-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en	Trust: 0.8
title:	Patch for HUAWEI Mate 20 JavaScript injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/237439	Trust: 0.6
title:	HUAWEI Mate20 Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131281	Trust: 0.6

sources: CNVD: CNVD-2020-58217 // JVNDB: JVNDB-2020-012480 // CNNVD: CNNVD-202010-636

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9092	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012480	Trust: 0.8
db:	CNVD	id:	CNVD-2020-58217	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-636	Trust: 0.6
db:	VULMON	id:	CVE-2020-9092	Trust: 0.1

sources: CNVD: CNVD-2020-58217 // VULMON: CVE-2020-9092 // JVNDB: JVNDB-2020-012480 // CNNVD: CNNVD-202010-636 // NVD: CVE-2020-9092

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9092	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en	Trust: 1.7
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201014-01-smartphone-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-58217 // VULMON: CVE-2020-9092 // JVNDB: JVNDB-2020-012480 // CNNVD: CNNVD-202010-636 // NVD: CVE-2020-9092

SOURCES

db:	CNVD	id:	CNVD-2020-58217
db:	VULMON	id:	CVE-2020-9092
db:	JVNDB	id:	JVNDB-2020-012480
db:	CNNVD	id:	CNNVD-202010-636
db:	NVD	id:	CVE-2020-9092

LAST UPDATE DATE

2024-11-23T22:05:25.001000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-58217	date:	2020-10-23T00:00:00
db:	VULMON	id:	CVE-2020-9092	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-012480	date:	2021-05-10T07:32:00
db:	CNNVD	id:	CNNVD-202010-636	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2020-9092	date:	2024-11-21T05:40:00.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-58217	date:	2020-10-23T00:00:00
db:	VULMON	id:	CVE-2020-9092	date:	2020-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-012480	date:	2021-05-10T00:00:00
db:	CNNVD	id:	CNNVD-202010-636	date:	2020-10-14T00:00:00
db:	NVD	id:	CVE-2020-9092	date:	2020-10-19T20:15:13.087