cvelistv5 - cve-2020-1801

CVE-2020-1801 (GCVE-0-2020-1801)

Vulnerability from cvelistv5 – Published: 2020-04-10 14:04 – Updated: 2024-08-04 06:46

Summary

Severity ?

No CVSS data available.

CWE

Improper Authentication

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Mate 30 Pro;Mate 30	Affected: Versions earlier than 10.0.0.205(C00E202R7P2) Affected: Versions earlier than 10.0.0.205(C00E201R7P2)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:31.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mate 30 Pro;Mate 30",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier than 10.0.0.205(C00E202R7P2)"
            },
            {
              "status": "affected",
              "version": "Versions earlier than 10.0.0.205(C00E201R7P2)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-10T14:04:19",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mate 30 Pro;Mate 30",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier than 10.0.0.205(C00E202R7P2)"
                          },
                          {
                            "version_value": "Versions earlier than 10.0.0.205(C00E201R7P2)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1801",
    "datePublished": "2020-04-10T14:04:19",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:46:31.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.0.205\\\\(c00e202r7p2\\\\)\", \"matchCriteriaId\": \"ACAAEF39-37E2-43CE-94E2-59C07E2A1B3D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"488781A7-935E-4DD6-AD9D-A058067E10AD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.0.205\\\\(c00e201r7p2\\\\)\", \"matchCriteriaId\": \"EB853D3C-4E2A-41A8-8BF7-C0055311DA71\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de autenticaci\\u00f3n inapropiada en varios tel\\u00e9fonos inteligentes. Determinada interfaz de funci\\u00f3n en el sistema no comprueba suficientemente la identidad de la persona que llama en cierto escenario compartido, una explotaci\\u00f3n con \\u00e9xito podr\\u00eda causar a una divulgaci\\u00f3n de informaci\\u00f3n. Las versiones del producto afectado incluyen: Mate 30 Pro versiones anteriores a 10.0.0.205(C00E202R7P2); Mate 30 versiones anteriores a 10.0.0.205(C00E201R7P2).\"}]",
      "id": "CVE-2020-1801",
      "lastModified": "2024-11-21T05:11:24.390",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-04-10T15:15:12.880",
      "references": "[{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1801\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2020-04-10T15:15:12.880\",\"lastModified\":\"2024-11-21T05:11:24.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en varios tel\u00e9fonos inteligentes. Determinada interfaz de funci\u00f3n en el sistema no comprueba suficientemente la identidad de la persona que llama en cierto escenario compartido, una explotaci\u00f3n con \u00e9xito podr\u00eda causar a una divulgaci\u00f3n de informaci\u00f3n. Las versiones del producto afectado incluyen: Mate 30 Pro versiones anteriores a 10.0.0.205(C00E202R7P2); Mate 30 versiones anteriores a 10.0.0.205(C00E201R7P2).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.0.205\\\\(c00e202r7p2\\\\)\",\"matchCriteriaId\":\"ACAAEF39-37E2-43CE-94E2-59C07E2A1B3D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"488781A7-935E-4DD6-AD9D-A058067E10AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.0.205\\\\(c00e201r7p2\\\\)\",\"matchCriteriaId\":\"EB853D3C-4E2A-41A8-8BF7-C0055311DA71\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2020-1801

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-1801

Aliases

CVE-2020-1801

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1801",
    "description": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).",
    "id": "GSD-2020-1801"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1801"
      ],
      "details": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).",
      "id": "GSD-2020-1801",
      "modified": "2023-12-13T01:21:57.606152Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2020-1801",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Mate 30 Pro;Mate 30",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions earlier than 10.0.0.205(C00E202R7P2)"
                        },
                        {
                          "version_value": "Versions earlier than 10.0.0.205(C00E201R7P2)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en",
            "refsource": "MISC",
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.0.205\\(c00e202r7p2\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.0.205\\(c00e201r7p2\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1801"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-04-10T15:15Z"
    }
  }
}

FKIE_CVE-2020-1801

Vulnerability from fkie_nvd - Published: 2020-04-10 15:15 - Updated: 2024-11-21 05:11

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	mate_30_pro_firmware	*
huawei	mate_30_pro	-
huawei	mate_30_firmware	*
huawei	mate_30	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACAAEF39-37E2-43CE-94E2-59C07E2A1B3D",
              "versionEndExcluding": "10.0.0.205\\(c00e202r7p2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "488781A7-935E-4DD6-AD9D-A058067E10AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB853D3C-4E2A-41A8-8BF7-C0055311DA71",
              "versionEndExcluding": "10.0.0.205\\(c00e201r7p2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2)."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en varios tel\u00e9fonos inteligentes. Determinada interfaz de funci\u00f3n en el sistema no comprueba suficientemente la identidad de la persona que llama en cierto escenario compartido, una explotaci\u00f3n con \u00e9xito podr\u00eda causar a una divulgaci\u00f3n de informaci\u00f3n. Las versiones del producto afectado incluyen: Mate 30 Pro versiones anteriores a 10.0.0.205(C00E202R7P2); Mate 30 versiones anteriores a 10.0.0.205(C00E201R7P2)."
    }
  ],
  "id": "CVE-2020-1801",
  "lastModified": "2024-11-21T05:11:24.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-10T15:15:12.880",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FG35-C4C9-GP8P

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-10T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).",
  "id": "GHSA-fg35-c4c9-gp8p",
  "modified": "2022-05-24T17:14:00Z",
  "published": "2022-05-24T17:14:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1801"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-22206

Vulnerability from cnvd - Published: 2020-04-09

Title

Huawei Mate 30 Pro和Huawei Mate 30授权问题漏洞

Description

Huawei Mate 30 Pro和Huawei Mate 30都是中国华为（Huawei）公司的一款智能手机。 Huawei Mate 30 Pro 10.0.0.205(C00E202R7P2)之前版本和Mate 30 10.0.0.205(C00E201R7P2)之前版本中存在授权问题漏洞，该漏洞在共享文件的特定场景下，系统中的一些功能接口未对该接口的调用者进行充分地身份认证。攻击者可利用该漏洞获取信息。

Severity

中

Patch Name

Huawei Mate 30 Pro和Huawei Mate 30授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200408-01-smartphone-cn

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-1801

Impacted products

Name
['Huawei Mate 30 Pro <10.0.0.205(C00E202R7P2)', 'Huawei Mate 30 <10.0.0.205(C00E201R7P2)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1801"
    }
  },
  "description": "Huawei Mate 30 Pro\u548cHuawei Mate 30\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\nHuawei Mate 30 Pro 10.0.0.205(C00E202R7P2)\u4e4b\u524d\u7248\u672c\u548cMate 30 10.0.0.205(C00E201R7P2)\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5728\u5171\u4eab\u6587\u4ef6\u7684\u7279\u5b9a\u573a\u666f\u4e0b\uff0c\u7cfb\u7edf\u4e2d\u7684\u4e00\u4e9b\u529f\u80fd\u63a5\u53e3\u672a\u5bf9\u8be5\u63a5\u53e3\u7684\u8c03\u7528\u8005\u8fdb\u884c\u5145\u5206\u5730\u8eab\u4efd\u8ba4\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200408-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22206",
  "openTime": "2020-04-09",
  "patchDescription": "Huawei Mate 30 Pro\u548cHuawei Mate 30\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Mate 30 Pro 10.0.0.205(C00E202R7P2)\u4e4b\u524d\u7248\u672c\u548cMate 30 10.0.0.205(C00E201R7P2)\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5728\u5171\u4eab\u6587\u4ef6\u7684\u7279\u5b9a\u573a\u666f\u4e0b\uff0c\u7cfb\u7edf\u4e2d\u7684\u4e00\u4e9b\u529f\u80fd\u63a5\u53e3\u672a\u5bf9\u8be5\u63a5\u53e3\u7684\u8c03\u7528\u8005\u8fdb\u884c\u5145\u5206\u5730\u8eab\u4efd\u8ba4\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Mate 30 Pro\u548cHuawei Mate 30\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Mate 30 Pro \u003c10.0.0.205(C00E202R7P2)",
      "Huawei Mate 30 \u003c10.0.0.205(C00E201R7P2)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1801",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-09",
  "title": "Huawei Mate 30 Pro\u548cHuawei Mate 30\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

VAR-202004-0955

Vulnerability from variot - Updated: 2023-12-18 14:04

There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2). Mate 30 Pro and Mate 30 There is an information leakage vulnerability in.Information may be obtained. In the specific scenario of sharing files, some of the functional interfaces in the system are not The caller is fully authenticated

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0955",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mate 30",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.205\\(c00e201r7p2\\)"
      },
      {
        "model": "mate 30 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.205\\(c00e202r7p2\\)"
      },
      {
        "model": "mate 30 pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "10.0.0.205(c00e202r7p2)"
      },
      {
        "model": "mate 30",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "10.0.0.205(c00e202r7p2)"
      },
      {
        "model": "mate pro \u003c10.0.0.205",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "30"
      },
      {
        "model": "mate \u003c10.0.0.205",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "30"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.0.205\\(c00e202r7p2\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.0.205\\(c00e201r7p2\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      }
    ]
  },
  "cve": "CVE-2020-1801",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003980",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-22206",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003980",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-1801",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003980",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22206",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-535",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller\u0027s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2). Mate 30 Pro and Mate 30 There is an information leakage vulnerability in.Information may be obtained. In the specific scenario of sharing files, some of the functional interfaces in the system are not The caller is fully authenticated",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1801",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "id": "VAR-202004-0955",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      }
    ],
    "trust": 1.23380308
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:04:44.850000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20200408-01-smartphone",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
      },
      {
        "title": "Patch for Huawei Mate 30 Pro and Huawei Mate 30 authorization issue vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/213191"
      },
      {
        "title": "Huawei Mate 30 Pro  and Huawei Mate 30 Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115735"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1801"
      },
      {
        "trust": 1.6,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1801"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200408-01-smartphone-cn"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "date": "2020-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "date": "2020-04-10T15:15:12.880000",
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22206"
      },
      {
        "date": "2020-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-1801"
      },
      {
        "date": "2020-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mate 30 Pro and  Mate 30 Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003980"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-535"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1801 (GCVE-0-2020-1801)

GSD-2020-1801

FKIE_CVE-2020-1801

GHSA-FG35-C4C9-GP8P

CNVD-2020-22206

VAR-202004-0955

Tags

Sightings

Nomenclature