Details of VAR-202008-1252

ID

VAR-202008-1252

CVE

CVE-2020-9081

TITLE

plural Huawei Fraudulent Authentication Vulnerability in Products

Trust: 0.8

sources: JVNDB: JVNDB-2020-018356

DESCRIPTION

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081. Mate 20 firmware, P30 firmware, P30 Pro firmware etc. Huawei The product contains an incorrect authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2020-9081 // JVNDB: JVNDB-2020-018356

AFFECTED PRODUCTS

vendor:	huawei	model:	princeton-al10d	scope:	lt	version:	10.1.0.160\(c00e160r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	lt	version:	10.1.0.160\(c00e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	lt	version:	10.1.0.160\(c01e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	yalep-al10b	scope:	lt	version:	10.1.0.160\(c00e160r8p12\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.160\(c00e160r2p11\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	lt	version:	10.1.0.160\(c00e160r3p8\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	lt	version:	10.1.0.160\(c01e160r2p8\)	Trust: 1.0
vendor:	huawei	model:	yale-al50a	scope:	lt	version:	10.1.0.88\(c00e88r8p1\)	Trust: 1.0
vendor:	huawei	model:	yale-al00a	scope:	lt	version:	10.1.0.160\(c00e160r8p12\)	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	princeton-al10d	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	yale-al50a	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	yalep-al10b	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	mate 20	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	yale-al00a	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p30	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-018356 // NVD: CVE-2020-9081

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2020-9081
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2020-9081
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9081
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202008-1321
value:	LOW
Trust: 0.6

psirt@huawei.com:	CVE-2020-9081
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	2.5
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2020-9081
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9081
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-018356 // CNNVD: CNNVD-202008-1321 // NVD: CVE-2020-9081 // NVD: CVE-2020-9081

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	CWE-863	Trust: 1.0
problemtype:	Inappropriate authorization (CWE-285) [ others ]	Trust: 0.8
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018356 // NVD: CVE-2020-9081

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1321

PATCH

title:

Huawei product security vulnerabilities repair measures

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126964

Trust: 0.6

sources: CNNVD: CNNVD-202008-1321

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9081	Trust: 3.2
db:	JVNDB	id:	JVNDB-2020-018356	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-1321	Trust: 0.6

sources: JVNDB: JVNDB-2020-018356 // CNNVD: CNNVD-202008-1321 // NVD: CVE-2020-9081

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9081	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-15-smartphone-cn	Trust: 0.6

sources: JVNDB: JVNDB-2020-018356 // CNNVD: CNNVD-202008-1321 // NVD: CVE-2020-9081

SOURCES

db:	JVNDB	id:	JVNDB-2020-018356
db:	CNNVD	id:	CNNVD-202008-1321
db:	NVD	id:	CVE-2020-9081

LAST UPDATE DATE

2025-01-19T23:30:55.116000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-018356	date:	2025-01-16T09:13:00
db:	CNNVD	id:	CNNVD-202008-1321	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-9081	date:	2025-01-10T20:37:44.267

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-018356	date:	2025-01-16T00:00:00
db:	CNNVD	id:	CNNVD-202008-1321	date:	2020-08-26T00:00:00
db:	NVD	id:	CVE-2020-9081	date:	2024-12-27T10:15:10.937