CVE-2020-9256

{"id": "CVE-2020-9256", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-07-18T01:16:35.427", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-05-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes Huawei Mate 30 Pro con versiones anteriores a 10.1.0.150(C00E136R5P3), presentan una vulnerabilidad de autorizaci\u00f3n inapropiada. El sistema no restringe apropiadamente el uso del servicio del sistema por las aplicaciones, el atacante debe enga\u00f1ar al usuario para que instale una aplicaci\u00f3n maliciosa, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una denegaci\u00f3n del servicio de audio"}], "lastModified": "2020-07-24T15:18:35.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8EA3EC8-EC3B-4228-B125-0695023E4460", "versionEndExcluding": "10.1.0.150\\(c00e136r5p3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "488781A7-935E-4DD6-AD9D-A058067E10AD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}