cnvd - cnvd-2020-02948

CNVD-2020-02948

Vulnerability from cnvd - Published: 2020-01-20

Title

多款Huawei产品拒绝服务漏洞（CNVD-2020-02948）

Description

Huawei Honor V10等都是中国华为（Huawei）公司的产品。Huawei Honor V10是一款智能手机产品。Huawei Honor 10是一款智能手机产品。Mate 10 Pro是一款智能手机。多款huawei手机中存在拒绝服务漏洞，该漏洞源于系统在用户进行某操作时未能检查某特定模块的运行状态，攻击者可通过诱使用户安装恶意应用程序利用该漏洞导致手机重启。

Severity

高

Patch Name

多款Huawei产品拒绝服务漏洞（CNVD-2020-02948）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-03-smartphone-cn

Reference

https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-03-smartphone-cn

Impacted products

Name
['Huawei Honor V10 <9.1.0.333(C00E333R2P1T8)', 'Huawei Mate 10 Pro <9.1.0.321(C605E4R1P13T8)', 'Huawei Mate 10 Pro <9.1.0.321(C636E4R1P14T8)', 'Huawei Mate 10 Pro <9.1.0.330(C432E6R1P12T8)', 'Huawei Honor V10 <9.1.0.350(C636E4R1P13T8)', 'Huawei Honor V10 <9.1.0.351(C432E5R1P13T8)', 'Huawei Honor 10 <9.1.0.350(C10E5R1P14T8)', 'Huawei Honor 10 <9.1.0.350(C185E3R1P12T8)', 'Huawei Honor 10 <9.1.0.350(C461E3R1P11T8)', 'Huawei Honor 10 <9.1.0.350(C636E3R1P13T8)', 'Huawei Honor 10 <9.1.0.351(C432E5R1P13T8)', 'Huawei Nova 4 <9.1.0.225(C636E1R4P1)']

Name

['Huawei Honor V10 <9.1.0.333(C00E333R2P1T8)', 'Huawei Mate 10 Pro <9.1.0.321(C605E4R1P13T8)', 'Huawei Mate 10 Pro <9.1.0.321(C636E4R1P14T8)', 'Huawei Mate 10 Pro <9.1.0.330(C432E6R1P12T8)', 'Huawei Honor V10 <9.1.0.350(C636E4R1P13T8)', 'Huawei Honor V10 <9.1.0.351(C432E5R1P13T8)', 'Huawei Honor 10 <9.1.0.350(C10E5R1P14T8)', 'Huawei Honor 10 <9.1.0.350(C185E3R1P12T8)', 'Huawei Honor 10 <9.1.0.350(C461E3R1P11T8)', 'Huawei Honor 10 <9.1.0.350(C636E3R1P13T8)', 'Huawei Honor 10 <9.1.0.351(C432E5R1P13T8)', 'Huawei Nova 4 <9.1.0.225(C636E1R4P1)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1785"
    }
  },
  "description": "Huawei Honor V10\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei Honor V10\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002Huawei Honor 10\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002Mate 10 Pro\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\n\u591a\u6b3ehuawei\u624b\u673a\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u5728\u7528\u6237\u8fdb\u884c\u67d0\u64cd\u4f5c\u65f6\u672a\u80fd\u68c0\u67e5\u67d0\u7279\u5b9a\u6a21\u5757\u7684\u8fd0\u884c\u72b6\u6001\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u624b\u673a\u91cd\u542f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-03-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-02948",
  "openTime": "2020-01-20",
  "patchDescription": "Huawei Honor V10\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei Honor V10\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002Huawei Honor 10\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002Mate 10 Pro\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\n\u591a\u6b3ehuawei\u624b\u673a\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u5728\u7528\u6237\u8fdb\u884c\u67d0\u64cd\u4f5c\u65f6\u672a\u80fd\u68c0\u67e5\u67d0\u7279\u5b9a\u6a21\u5757\u7684\u8fd0\u884c\u72b6\u6001\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u624b\u673a\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-02948\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Honor V10 \u003c9.1.0.333(C00E333R2P1T8)",
      "Huawei Mate 10 Pro \u003c9.1.0.321(C605E4R1P13T8)",
      "Huawei Mate 10 Pro \u003c9.1.0.321(C636E4R1P14T8)",
      "Huawei Mate 10 Pro \u003c9.1.0.330(C432E6R1P12T8)",
      "Huawei Honor V10 \u003c9.1.0.350(C636E4R1P13T8)",
      "Huawei Honor V10 \u003c9.1.0.351(C432E5R1P13T8)",
      "Huawei Honor 10 \u003c9.1.0.350(C10E5R1P14T8)",
      "Huawei Honor 10 \u003c9.1.0.350(C185E3R1P12T8)",
      "Huawei Honor 10 \u003c9.1.0.350(C461E3R1P11T8)",
      "Huawei Honor 10 \u003c9.1.0.350(C636E3R1P13T8)",
      "Huawei Honor 10 \u003c9.1.0.351(C432E5R1P13T8)",
      "Huawei Nova 4 \u003c9.1.0.225(C636E1R4P1)"
    ]
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-03-smartphone-cn",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-02",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-02948\uff09"
}

CVE-2020-1785 (GCVE-0-2020-1785)

Vulnerability from cvelistv5 – Published: 2020-01-03 14:45 – Updated: 2024-08-04 06:46

Summary

Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Mate 10 Pro;Honor V10;Honor 10;Nova 4	Affected: Versions earlier than 9.1.0.321(C605E4R1P13T8) Affected: Versions earlier than 9.1.0.321(C636E4R1P14T8) Affected: Versions earlier than 9.1.0.330(C432E6R1P12T8) Affected: Versions earlier than 9.1.0.333(C00E333R2P1T8) Affected: Versions earlier than 9.1.0.350(C636E4R1P13T8) Affected: Versions earlier than 9.1.0.351(C432E5R1P13T8) Affected: Versions earlier than 9.1.0.350(C10E5R1P14T8) Affected: Versions earlier than 9.1.0.350(C185E3R1P12T8) Affected: Versions earlier than 9.1.0.350(C461E3R1P11T8) Affected: Versions earlier than 9.1.0.350(C636E3R1P13T8) Affected: Versions earlier than 9.1.0.225(C636E1R4P1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 9.1.0.225(C636E1R4P1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-03T14:45:04",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1785",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
                          },
                          {
                            "version_value": "Versions earlier than 9.1.0.225(C636E1R4P1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1785",
    "datePublished": "2020-01-03T14:45:04",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:46:30.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-02948

CVE-2020-1785 (GCVE-0-2020-1785)

Tags

Sightings

Nomenclature