CVE-2020-1882

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_rs:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:honor_magic2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_magic2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-18 00:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-1882

Mitre link : CVE-2020-1882

CVE.ORG link : CVE-2020-1882

JSON object : View

Products Affected

huawei

honor_magic2
mate_20_x
ever-l29b_firmware
ever-l29b
mate_20_rs
mate_20_x_firmware
mate_20_rs_firmware
honor_magic2_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-1882", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2020-02-18T00:15:11.460", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations."}, {"lang": "es", "value": "Los tel\u00e9fonos m\u00f3viles Huawei Ever-L29B versiones anteriores a 10.0.0.180(C185E6R3P3), anteriores a 10.0.0.180(C432E6R1P7), anteriores a 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versiones anteriores a 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versiones anteriores a 10.0.0.176(C00E70R2P8); y Honor Magic2 versiones anteriores a 10.0.0.175(C00E59R2P11), presentan una vulnerabilidad de autorizaci\u00f3n inapropiada. Debido a una autorizaci\u00f3n inapropiada de alguna funci\u00f3n, un atacante puede omitir la autorizaci\u00f3n para llevar a cabo algunas operaciones."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA794B3-655E-433D-93E0-2E30518047B2", "versionEndExcluding": "10.0.0.175\\(c786e70r3p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_rs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99DD3EC3-7E9B-4904-8317-C3528D1CAFEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1FD50E7-D070-4757-BEBB-56A03E50885D", "versionEndExcluding": "10.0.0.176\\(c00e70r2p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_magic2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51133684-7686-4963-B4F3-AE717B099483", "versionEndExcluding": "10.0.0.175\\(c00e59r2p11\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_magic2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86489593-F6E2-480E-9381-540FA4256A84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "374EC3D2-C052-4F03-B5AC-312D811ECC9C", "versionEndExcluding": "10.0.0.180\\(c185e6r3p3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB4EC14-14DE-4AAF-A951-071B4E39270A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F95B6E-95CB-4A0D-801B-7ACC66F2ACF4", "versionEndExcluding": "10.0.0.180\\(c432e6r1p7\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB4EC14-14DE-4AAF-A951-071B4E39270A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4C190EC-017C-430E-95E6-E89F30790B06", "versionEndExcluding": "10.0.0.180\\(c636e5r2p3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB4EC14-14DE-4AAF-A951-071B4E39270A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}