Sign-up

ID

VAR-202005-0972


CVE

CVE-2020-9073


TITLE

Huawei P20 Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-005516

DESCRIPTION

Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function. Huawei P20 is a smart phone of China's Huawei company. The vulnerability results from the program not fully verifying the user's identity

Trust: 2.25

sources: NVD: CVE-2020-9073 // JVNDB: JVNDB-2020-005516 // CNVD: CNVD-2020-28977 // VULMON: CVE-2020-9073

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28977

AFFECTED PRODUCTS

vendor:huaweimodel:p20scope:ltversion:10.0.0.156\(c00e156r1p4\)

Trust: 1.0

vendor:huaweimodel:p20scope:eqversion:10.0.0.156(c00e156r1p4)

Trust: 0.8

vendor:huaweimodel:p20 <10.0.0.156scope: - version: -

Trust: 0.6

vendor:huaweimodel:p20scope:eqversion: -

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:8.1.0.109

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:8.1.0.120

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:8.1.0.121

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:8.1.0.128

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:8.1.0.130

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:8.1.0.171(c00)

Trust: 0.1

vendor:huaweimodel:p20scope:eqversion:9.1.0.333(c00e333r1p1t8)

Trust: 0.1

sources: CNVD: CNVD-2020-28977 // VULMON: CVE-2020-9073 // JVNDB: JVNDB-2020-005516 // NVD: CVE-2020-9073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9073
value: LOW

Trust: 1.0

NVD: JVNDB-2020-005516
value: LOW

Trust: 0.8

CNVD: CNVD-2020-28977
value: LOW

Trust: 0.6

CNNVD: CNNVD-202005-774
value: LOW

Trust: 0.6

VULMON: CVE-2020-9073
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-9073
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005516
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28977
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9073
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005516
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28977 // VULMON: CVE-2020-9073 // JVNDB: JVNDB-2020-005516 // CNNVD: CNNVD-202005-774 // NVD: CVE-2020-9073

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-005516 // NVD: CVE-2020-9073

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202005-774

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005516

PATCH
title:huawei-sa-20200513-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-01-smartphone-en
Trust: 0.8
title:Patch for Huawei P20 improper authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/217953
Trust: 0.6
title:Huawei Security Advisories: Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=9872054a88c96be4836d3709046e4c19
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28977 // 
            
            
            
            VULMON: CVE-2020-9073 // 
            
            
            
            JVNDB: JVNDB-2020-005516

EXTERNAL IDS
db:NVDid:CVE-2020-9073
Trust: 3.1
db:JVNDBid:JVNDB-2020-005516
Trust: 0.8
db:CNVDid:CNVD-2020-28977
Trust: 0.6
db:NSFOCUSid:47370
Trust: 0.6
db:CNNVDid:CNNVD-202005-774
Trust: 0.6
db:VULMONid:CVE-2020-9073
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28977 // 
            
            
            
            VULMON: CVE-2020-9073 // 
            
            
            
            JVNDB: JVNDB-2020-005516 // 
            
            
            
            CNNVD: CNNVD-202005-774 // 
            
            
            
            NVD: CVE-2020-9073

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-01-smartphone-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-9073
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200513-01-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9073
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47370
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181883
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28977 // 
            
            
            
            VULMON: CVE-2020-9073 // 
            
            
            
            JVNDB: JVNDB-2020-005516 // 
            
            
            
            CNNVD: CNNVD-202005-774 // 
            
            
            
            NVD: CVE-2020-9073

SOURCES
db:CNVDid:CNVD-2020-28977
db:VULMONid:CVE-2020-9073
db:JVNDBid:JVNDB-2020-005516
db:CNNVDid:CNNVD-202005-774
db:NVDid:CVE-2020-9073

LAST UPDATE DATE
2024-11-23T23:11:25.636000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28977date:2020-05-19T00:00:00
db:VULMONid:CVE-2020-9073date:2020-05-19T00:00:00
db:JVNDBid:JVNDB-2020-005516date:2020-06-17T00:00:00
db:CNNVDid:CNNVD-202005-774date:2020-08-03T00:00:00
db:NVDid:CVE-2020-9073date:2024-11-21T05:39:58.613

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28977date:2020-05-19T00:00:00
db:VULMONid:CVE-2020-9073date:2020-05-15T00:00:00
db:JVNDBid:JVNDB-2020-005516date:2020-06-17T00:00:00
db:CNNVDid:CNNVD-202005-774date:2020-05-13T00:00:00
db:NVDid:CVE-2020-9073date:2020-05-15T14:15:11.967