CVE-2020-9244
6.8
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD
Description
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
Affected (12)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.160\(c00e160r3p8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Mate 20 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.270\(c431e7r1p5\) |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.160\(c00e160r2p8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Mate 20 X | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.160\(c00e160r2p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei P30 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.160\(c00e160r2p8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei P30 Pro | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.160\(c786e160r3p8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Mate 20 Rs | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.175\(c00e58r4p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor 20 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.194\(c00e62r8p12\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor 20 Pro | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.188\(c00e62r2p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor V20 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.270\(c635e3r1p5\) |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.273\(c636e7r2p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Mate 20 Pro | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.187\(c00e61r2p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor Magic 2 | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.