CVE-2020-9244

6.8MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei Mate 20;huawei Mate 20 Pro;huawei Mate 20 X;huawei P30;huawei P30 Pro;huawei Mate 20 Rs;honormagic2;honor20;honor20 Pro;honormagic2;honorv20
Vendor: CVE Published:; 11 August 2020

Summary

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged

Affected Version(s)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20 Versions earlier than 10.1.0.160(C00E160R3P8)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20 Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20 Versions earlier than 10.1.0.160(C00E160R2P8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2020
Vulnerability Reserved
Feb 18, 2020