Details of VAR-202003-1709

ID

VAR-202003-1709

CVE

CVE-2020-9064

TITLE

Huawei smartphone Honor V30 Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002967

DESCRIPTION

Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak

Trust: 2.16

sources: NVD: CVE-2020-9064 // JVNDB: JVNDB-2020-002967 // CNVD: CNVD-2020-19917

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-19917

AFFECTED PRODUCTS

vendor:	huawei	model:	honor v30	scope:	lte	version:	oxfords-an00a_10.0.1.167\(c00e166r4p1\)	Trust: 1.0
vendor:	huawei	model:	honor v30	scope:	eq	version:	oxfords-an00a 10.0.1.167(c00e166r4p1)	Trust: 0.8
vendor:	huawei	model:	honor oxfords-an00a <=10.0.1.167	scope:	eq	version:	v30	Trust: 0.6

sources: CNVD: CNVD-2020-19917 // JVNDB: JVNDB-2020-002967 // NVD: CVE-2020-9064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9064
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002967
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-19917
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202003-619
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9064
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002967
severity:	LOW
baseScore:	2.1
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-19917
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9064
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002967
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-19917 // JVNDB: JVNDB-2020-002967 // CNNVD: CNNVD-202003-619 // NVD: CVE-2020-9064

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-002967 // NVD: CVE-2020-9064

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-619

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-619

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002967

PATCH

title:	huawei-sa-20200311-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-smartphone-en	Trust: 0.8
title:	Patch for Huawei Honor V30 OxfordS-AN00A authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/211229	Trust: 0.6
title:	Huawei Honor V30 OxfordS-AN00A Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112034	Trust: 0.6

sources: CNVD: CNVD-2020-19917 // JVNDB: JVNDB-2020-002967 // CNNVD: CNNVD-202003-619

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9064	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-002967	Trust: 0.8
db:	CNVD	id:	CNVD-2020-19917	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-619	Trust: 0.6

sources: CNVD: CNVD-2020-19917 // JVNDB: JVNDB-2020-002967 // CNNVD: CNNVD-202003-619 // NVD: CVE-2020-9064

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9064	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-smartphone-en	Trust: 1.6
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-202003116-01-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9064	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200311-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2020-19917 // JVNDB: JVNDB-2020-002967 // CNNVD: CNNVD-202003-619 // NVD: CVE-2020-9064

SOURCES

db:	CNVD	id:	CNVD-2020-19917
db:	JVNDB	id:	JVNDB-2020-002967
db:	CNNVD	id:	CNNVD-202003-619
db:	NVD	id:	CVE-2020-9064

LAST UPDATE DATE

2024-11-23T23:01:29.364000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-19917	date:	2020-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-002967	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-619	date:	2020-07-09T00:00:00
db:	NVD	id:	CVE-2020-9064	date:	2024-11-21T05:39:57.270

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-19917	date:	2020-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-002967	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-619	date:	2020-03-11T00:00:00
db:	NVD	id:	CVE-2020-9064	date:	2020-03-12T22:15:15.890