Details of VAR-202012-1410

ID

VAR-202012-1410

CVE

CVE-2020-9202

TITLE

Huawei of te mobile Vulnerability in insecure storage of critical information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-018295

DESCRIPTION

There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure

Trust: 1.71

sources: NVD: CVE-2020-9202 // JVNDB: JVNDB-2020-018295 // VULHUB: VHN-187327

AFFECTED PRODUCTS

vendor:	huawei	model:	te mobile	scope:	eq	version:	v600r006c10spc100	Trust: 1.8
vendor:	huawei	model:	te mobile	scope:	eq	version:	v600r006c10	Trust: 1.8
vendor:	huawei	model:	te mobile	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te mobile	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-018295 // NVD: CVE-2020-9202

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9202
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9202
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-797
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-187327
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-9202
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-187327
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9202
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9202
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187327 // JVNDB: JVNDB-2020-018295 // CNNVD: CNNVD-202012-797 // NVD: CVE-2020-9202

PROBLEMTYPE DATA

problemtype:	CWE-922	Trust: 1.0
problemtype:	Insecure storage of important information (CWE-922) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018295 // NVD: CVE-2020-9202

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-797

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-797

PATCH

title:

Huawei TE Mobile Repair measures for information disclosure vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136388

Trust: 0.6

sources: CNNVD: CNNVD-202012-797

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9202	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-018295	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-797	Trust: 0.7
db:	VULHUB	id:	VHN-187327	Trust: 0.1

sources: VULHUB: VHN-187327 // JVNDB: JVNDB-2020-018295 // CNNVD: CNNVD-202012-797 // NVD: CVE-2020-9202

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-informationleak-en	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9202	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201209-01-informationleak-cn	Trust: 0.6

sources: VULHUB: VHN-187327 // JVNDB: JVNDB-2020-018295 // CNNVD: CNNVD-202012-797 // NVD: CVE-2020-9202

SOURCES

db:	VULHUB	id:	VHN-187327
db:	JVNDB	id:	JVNDB-2020-018295
db:	CNNVD	id:	CNNVD-202012-797
db:	NVD	id:	CVE-2020-9202

LAST UPDATE DATE

2024-11-23T22:47:44.191000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187327	date:	2020-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-018295	date:	2024-07-18T10:27:00
db:	CNNVD	id:	CNNVD-202012-797	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-9202	date:	2024-11-21T05:40:09.227

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187327	date:	2020-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-018295	date:	2024-07-18T00:00:00
db:	CNNVD	id:	CNNVD-202012-797	date:	2020-12-09T00:00:00
db:	NVD	id:	CVE-2020-9202	date:	2020-12-24T16:15:16.210