FKIE_CVE-2020-9250

Vulnerability from fkie_nvd - Published: 2024-12-20 02:15 - Updated: 2025-07-11 14:33
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-enBroken Link, Vendor Advisory
Impacted products
Vendor Product Version
huawei mate_20_pro_firmware 10.1.0.160\(c00e160r3p8\)
huawei mate_20_pro -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:10.1.0.160\\(c00e160r3p8\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "66E42492-3CC3-454E-B060-D69153DD99DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de autenticaci\u00f3n insuficiente en algunos tel\u00e9fonos inteligentes Huawei. Un atacante local no autenticado puede manipular un paquete de software para explotar esta vulnerabilidad. Debido a una verificaci\u00f3n insuficiente, una explotaci\u00f3n exitosa puede afectar el servicio. (Identificador de vulnerabilidad: HWPSIRT-2019-12302) A esta vulnerabilidad se le ha asignado un identificador de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9250."
    }
  ],
  "id": "CVE-2020-9250",
  "lastModified": "2025-07-11T14:33:07.873",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "psirt@huawei.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-20T02:15:05.150",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@huawei.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.