Sign-up

ID

VAR-202004-2103


CVE

CVE-2020-9070


TITLE

Huawei Taurus-AL00B information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-27125 // CNNVD: CNNVD-202004-1130

DESCRIPTION

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure. Huawei smartphone Taurus-AL00B There is an information leakage vulnerability in.Information may be obtained. Huawei Taurus-AL00B is a smart phone of China's Huawei company. The vulnerability stems from the program's inability to fully verify the user's identity

Trust: 2.25

sources: NVD: CVE-2020-9070 // JVNDB: JVNDB-2020-004481 // CNVD: CNVD-2020-27125 // VULMON: CVE-2020-9070

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27125

AFFECTED PRODUCTS

vendor:huaweimodel:taurus-al00bscope:ltversion:10.0.0.205\(c00e201r7p2\)

Trust: 1.0

vendor:huaweimodel:taurus-al00bscope:eqversion:10.0.0.205(c00e201r7p2)

Trust: 0.8

vendor:huaweimodel:taurus-al00b <10.0.0.205scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-27125 // JVNDB: JVNDB-2020-004481 // NVD: CVE-2020-9070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9070
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004481
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-27125
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1130
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-9070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9070
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004481
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27125
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9070
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004481
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27125 // VULMON: CVE-2020-9070 // JVNDB: JVNDB-2020-004481 // CNNVD: CNNVD-202004-1130 // NVD: CVE-2020-9070

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-004481 // NVD: CVE-2020-9070

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1130

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1130

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004481

PATCH
title:huawei-sa-20200415-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-smartphone-en
Trust: 0.8
title:Patch for Huawei Taurus-AL00B information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/216745
Trust: 0.6
title:Huawei Taurus-AL00B Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116857
Trust: 0.6
title:Huawei Security Advisories: Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=5872c8a11aa811e032ddda98703e3d48
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27125 // 
            
            
            
            VULMON: CVE-2020-9070 // 
            
            
            
            JVNDB: JVNDB-2020-004481 // 
            
            
            
            CNNVD: CNNVD-202004-1130

EXTERNAL IDS
db:NVDid:CVE-2020-9070
Trust: 3.1
db:JVNDBid:JVNDB-2020-004481
Trust: 0.8
db:CNVDid:CNVD-2020-27125
Trust: 0.6
db:CNNVDid:CNNVD-202004-1130
Trust: 0.6
db:VULMONid:CVE-2020-9070
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27125 // 
            
            
            
            VULMON: CVE-2020-9070 // 
            
            
            
            JVNDB: JVNDB-2020-004481 // 
            
            
            
            CNNVD: CNNVD-202004-1130 // 
            
            
            
            NVD: CVE-2020-9070

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-smartphone-en
Trust: 2.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-9070
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9070
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200415-01-smartphone-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27125 // 
            
            
            
            VULMON: CVE-2020-9070 // 
            
            
            
            JVNDB: JVNDB-2020-004481 // 
            
            
            
            CNNVD: CNNVD-202004-1130 // 
            
            
            
            NVD: CVE-2020-9070

SOURCES
db:CNVDid:CNVD-2020-27125
db:VULMONid:CVE-2020-9070
db:JVNDBid:JVNDB-2020-004481
db:CNNVDid:CNNVD-202004-1130
db:NVDid:CVE-2020-9070

LAST UPDATE DATE
2024-11-23T22:29:38.383000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27125date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-9070date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-004481date:2020-05-18T00:00:00
db:CNNVDid:CNNVD-202004-1130date:2020-04-26T00:00:00
db:NVDid:CVE-2020-9070date:2024-11-21T05:39:58.170

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-27125date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-9070date:2020-04-20T00:00:00
db:JVNDBid:JVNDB-2020-004481date:2020-05-18T00:00:00
db:CNNVDid:CNNVD-202004-1130date:2020-04-15T00:00:00
db:NVDid:CVE-2020-9070date:2020-04-20T20:15:11.870