Sign-up

ID

VAR-202012-1401


CVE

CVE-2020-9119


TITLE

plural  Huawei  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-018300

DESCRIPTION

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion. Mate 10 firmware, Mate 30 firmware, Mate 30 Pro firmware etc. Huawei There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2020-9119 // JVNDB: JVNDB-2020-018300

AFFECTED PRODUCTS

vendor:huaweimodel:mate 30scope:ltversion:10.1.0.156\(c00e155r7p2\)

Trust: 1.0

vendor:huaweimodel:mate 30 proscope:ltversion:10.1.0.156\(c00e156r7p2\)

Trust: 1.0

vendor:huaweimodel:p40scope:ltversion:10.1.0.150\(sp1c00e150r4p1\)

Trust: 1.0

vendor:huaweimodel:p40 proscope:ltversion:10.1.0.150\(sp1c00e150r4p1\)

Trust: 1.0

vendor:huaweimodel:mate 10scope:ltversion:10.0.0.189\(c185e6r1p3\)

Trust: 1.0

vendor:huaweimodel:p40scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 30 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 10scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 30scope: - version: -

Trust: 0.8

vendor:huaweimodel:p40 proscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-018300 // NVD: CVE-2020-9119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9119
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9119
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202012-1542
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9119
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-9119
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.3
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9119
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-018300 // CNNVD: CNNVD-202012-1542 // NVD: CVE-2020-9119

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018300 // NVD: CVE-2020-9119

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1542

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202012-1542

PATCH

title:Multiple Huawei Product Privilege License and Access Control Issue Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138013

Trust: 0.6

sources: CNNVD: CNNVD-202012-1542

EXTERNAL IDS

db:NVDid:CVE-2020-9119

Trust: 3.2

db:JVNDBid:JVNDB-2020-018300

Trust: 0.8

db:CNNVDid:CNNVD-202012-1542

Trust: 0.6

sources: JVNDB: JVNDB-2020-018300 // CNNVD: CNNVD-202012-1542 // NVD: CVE-2020-9119

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-9119

Trust: 1.4

sources: JVNDB: JVNDB-2020-018300 // CNNVD: CNNVD-202012-1542 // NVD: CVE-2020-9119

SOURCES

db:JVNDBid:JVNDB-2020-018300
db:CNNVDid:CNNVD-202012-1542
db:NVDid:CVE-2020-9119

LAST UPDATE DATE

2024-11-23T22:47:44.214000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-018300date:2024-07-18T10:27:00
db:CNNVDid:CNNVD-202012-1542date:2021-07-09T00:00:00
db:NVDid:CVE-2020-9119date:2024-11-21T05:40:05.323

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-018300date:2024-07-18T00:00:00
db:CNNVDid:CNNVD-202012-1542date:2020-12-24T00:00:00
db:NVDid:CVE-2020-9119date:2020-12-24T16:15:15.850