CVE-2020-1838

HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.

CVSS v3 5.5 MEDIUM
CVSS v2.0 1.9 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-06 19:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-1838

Mitre link : CVE-2020-1838

CVE.ORG link : CVE-2020-1838

JSON object : View

Products Affected

huawei

mate_30_pro_firmware
mate_30_pro

CWE

CWE-287

Improper Authentication

{"id": "CVE-2020-1838", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-07-06T19:15:12.463", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential."}, {"lang": "es", "value": "HUAWEI Mate 30 Pro con versiones anteriores a 10.1.0.150(C00E136R5P3), presenta una vulnerabilidad de autenticaci\u00f3n inapropiada. El dispositivo no comprueba suficientemente determinadas credenciales de cara al usuario, un atacante podr\u00eda dise\u00f1ar la credencial del usuario, una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante aprobar la autenticaci\u00f3n con la credencial dise\u00f1ada"}], "lastModified": "2020-07-09T14:39:46.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8EA3EC8-EC3B-4228-B125-0695023E4460", "versionEndExcluding": "10.1.0.150\\(c00e136r5p3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "488781A7-935E-4DD6-AD9D-A058067E10AD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}