Sign-up

ID

VAR-202001-0901


CVE

CVE-2020-1788


TITLE

Honor V30 Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-001397

DESCRIPTION

Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. Malicious applications use this vulnerability to perform unauthorized operations and obtain information

Trust: 2.16

sources: NVD: CVE-2020-1788 // JVNDB: JVNDB-2020-001397 // CNVD: CNVD-2020-02968

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02968

AFFECTED PRODUCTS

vendor:huaweimodel:honor v30scope:ltversion:10.0.1.135\(c00e130r4p1\)

Trust: 1.0

vendor:huaweimodel:honor v30scope:ltversion:10.0.1.135(c00e130r4p1)

Trust: 0.8

vendor:huaweimodel:honor <10.0.1.135scope:eqversion:v30

Trust: 0.6

sources: CNVD: CNVD-2020-02968 // JVNDB: JVNDB-2020-001397 // NVD: CVE-2020-1788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1788
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1788
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02968
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-778
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1788
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02968
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1788
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-1788
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02968 // JVNDB: JVNDB-2020-001397 // CNNVD: CNNVD-202001-778 // NVD: CVE-2020-1788

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-001397 // NVD: CVE-2020-1788

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-778

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-778

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001397

PATCH
title:huawei-sa-20200115-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en
Trust: 0.8
title:Patch for Huawei Honor V30 Authorization Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/197401
Trust: 0.6
title:Huawei Honor V30 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107106
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02968 // 
            
            
            
            JVNDB: JVNDB-2020-001397 // 
            
            
            
            CNNVD: CNNVD-202001-778

EXTERNAL IDS
db:NVDid:CVE-2020-1788
Trust: 3.0
db:JVNDBid:JVNDB-2020-001397
Trust: 0.8
db:CNVDid:CNVD-2020-02968
Trust: 0.6
db:CNNVDid:CNNVD-202001-778
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02968 // 
            
            
            
            JVNDB: JVNDB-2020-001397 // 
            
            
            
            CNNVD: CNNVD-202001-778 // 
            
            
            
            NVD: CVE-2020-1788

REFERENCES
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-02-smartphone-cn
Trust: 1.8
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1788
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1788
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-02968 // 
            
            
            
            JVNDB: JVNDB-2020-001397 // 
            
            
            
            CNNVD: CNNVD-202001-778 // 
            
            
            
            NVD: CVE-2020-1788

SOURCES
db:CNVDid:CNVD-2020-02968
db:JVNDBid:JVNDB-2020-001397
db:CNNVDid:CNNVD-202001-778
db:NVDid:CVE-2020-1788

LAST UPDATE DATE
2024-11-23T22:44:45.311000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02968date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2020-001397date:2020-02-05T00:00:00
db:CNNVDid:CNNVD-202001-778date:2020-03-19T00:00:00
db:NVDid:CVE-2020-1788date:2024-11-21T05:11:22.947

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-02968date:2020-01-20T00:00:00
db:JVNDBid:JVNDB-2020-001397date:2020-02-05T00:00:00
db:CNNVDid:CNNVD-202001-778date:2020-01-15T00:00:00
db:NVDid:CVE-2020-1788date:2020-01-21T23:15:13.647