Details of VAR-202007-1270

ID

VAR-202007-1270

CVE

CVE-2020-9259

TITLE

Huawei Honor V30 Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-008286

DESCRIPTION

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cause information disclosure. Huawei Honor V30 is a smart phone of China's Huawei (Huawei) company. The vulnerability is caused by the program's failure to verify the parameters correctly

Trust: 2.16

sources: NVD: CVE-2020-9259 // JVNDB: JVNDB-2020-008286 // CNVD: CNVD-2020-46475

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-46475

AFFECTED PRODUCTS

vendor:	huawei	model:	honor v30	scope:	lt	version:	10.1.0.212\(c00e210r5p1\)	Trust: 1.0
vendor:	huawei	model:	honor v30	scope:	eq	version:	10.1.0.212(c00e210r5p1)	Trust: 0.8
vendor:	huawei	model:	honor <10.1.0.212	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-46475 // JVNDB: JVNDB-2020-008286 // NVD: CVE-2020-9259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9259
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-008286
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-46475
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202007-1125
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9259
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008286
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-46475
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9259
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-008286
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-46475 // JVNDB: JVNDB-2020-008286 // CNNVD: CNNVD-202007-1125 // NVD: CVE-2020-9259

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-008286 // NVD: CVE-2020-9259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1125

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1125

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008286

PATCH

title:	huawei-sa-20200715-02-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei Honor V30 improper authentication vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/230854	Trust: 0.6
title:	Huawei Honor V30 Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124924	Trust: 0.6

sources: CNVD: CNVD-2020-46475 // JVNDB: JVNDB-2020-008286 // CNNVD: CNNVD-202007-1125

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9259	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-008286	Trust: 0.8
db:	CNVD	id:	CNVD-2020-46475	Trust: 0.6
db:	NSFOCUS	id:	49430	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1125	Trust: 0.6

sources: CNVD: CNVD-2020-46475 // JVNDB: JVNDB-2020-008286 // CNNVD: CNNVD-202007-1125 // NVD: CVE-2020-9259

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-02-smartphone-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9259	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-02-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9259	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/49430	Trust: 0.6

sources: CNVD: CNVD-2020-46475 // JVNDB: JVNDB-2020-008286 // CNNVD: CNNVD-202007-1125 // NVD: CVE-2020-9259

SOURCES

db:	CNVD	id:	CNVD-2020-46475
db:	JVNDB	id:	JVNDB-2020-008286
db:	CNNVD	id:	CNNVD-202007-1125
db:	NVD	id:	CVE-2020-9259

LAST UPDATE DATE

2024-11-23T22:44:28.623000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-46475	date:	2020-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008286	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1125	date:	2020-10-12T00:00:00
db:	NVD	id:	CVE-2020-9259	date:	2024-11-21T05:40:17.430

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-46475	date:	2020-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008286	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1125	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-9259	date:	2020-07-17T23:15:11.833