cve-2020-1797
Vulnerability from cvelistv5
Published
2020-05-29 19:27
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | HUAWEI | HUAWEI Mate 20 |
Version: Versions earlier than 10.0.0.185(C00E74R3P8) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "HUAWEI Mate 20", "vendor": "HUAWEI", "versions": [ { "status": "affected", "version": "Versions earlier than 10.0.0.185(C00E74R3P8)" } ] } ], "descriptions": [ { "lang": "en", "value": "HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Authorization", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-29T19:27:04", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-1797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "HUAWEI Mate 20", "version": { "version_data": [ { "version_value": "Versions earlier than 10.0.0.185(C00E74R3P8)" } ] } } ] }, "vendor_name": "HUAWEI" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en" } ] } } } }, "cveMetadata": { "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-1797", "datePublished": "2020-05-29T19:27:04", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2024-08-04T06:46:30.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-1797\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2020-05-29T20:15:11.107\",\"lastModified\":\"2024-11-21T05:11:23.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function.\"},{\"lang\":\"es\",\"value\":\"Los tel\u00e9fonos inteligentes HUAWEI Mate 20 con versiones anteriores a la 10.0.0.185(C00E74R3P8), presentan una vulnerabilidad de autorizaci\u00f3n inapropiada. El sistema no restringe apropiadamente el funcionamiento en el modo ADB, una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a determinados usuarios romper el l\u00edmite de la funci\u00f3n digital balance.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.0.185\\\\(c00e74r3p8\\\\)\",\"matchCriteriaId\":\"19CF405F-42E3-4213-868F-9545A1C0E3FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5322963-9375-4E4E-8119-895C224003AE\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.