Vulnerability Name:

CVE-2020-9244 (CCN-186582)

Assigned:2020-08-05
Published:2020-08-05
Updated:2021-07-21
Summary:HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
CVSS v3 Severity:6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-287
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-9244

Source: XF
Type: UNKNOWN
huawei-cve20209244-sec-bypass(186582)

Source: CCN
Type: huawei-sa-20200805-02-smartphone
Improper Authentication Vulnerability in Several Smartphones

Source: MISC
Type: Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:mate_20_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r3p8))
  • AND
  • cpe:/h:huawei:mate_20:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.270(c431e7r1p5))
  • AND
  • cpe:/h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p8))
  • AND
  • cpe:/h:huawei:mate_20_x:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:huawei:p30_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p11))
  • AND
  • cpe:/h:huawei:p30:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c00e160r2p8))
  • AND
  • cpe:/h:huawei:p30_pro:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.160(c786e160r3p8))
  • AND
  • cpe:/h:huawei:mate_20_rs:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:huawei:honor_magic_2_firmware:*:*:*:*:*:*:*:* (Version < 10.0.0.187(c00e61r2p11))
  • AND
  • cpe:/h:huawei:honor_magic_2:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:huawei:honor_20_firmware:*:*:*:*:*:*:*:* (Version < 10.0.0.175(c00e58r4p11))
  • AND
  • cpe:/h:huawei:honor_20:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.0.0.194(c00e62r8p12))
  • AND
  • cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:* (Version < 10.0.0.188(c00e62r2p11))
  • AND
  • cpe:/h:huawei:honor_v20:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.270(c635e3r1p5))
  • AND
  • cpe:/h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:* (Version < 10.1.0.273(c636e7r2p4))
  • AND
  • cpe:/h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:huawei:honor_magic_2_firmware:*:*:*:*:*:*:*:* (Version < 10.0.0.187(c00e61r2p11))
  • AND
  • cpe:/h:huawei:honor_magic_2:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:huawei:p30:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:p30_pro:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:mate_20_x:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:mate_20:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:honor_magic_2:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:honor_view_20:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:mate_20_rs:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:mate_20_pro:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:honor_20:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei mate 20 firmware *
    huawei mate 20 -
    huawei mate 20 pro firmware *
    huawei mate 20 pro -
    huawei mate 20 x firmware *
    huawei mate 20 x -
    huawei p30 firmware *
    huawei p30 -
    huawei p30 pro firmware *
    huawei p30 pro -
    huawei mate 20 rs firmware *
    huawei mate 20 rs -
    huawei honor magic 2 firmware *
    huawei honor magic 2 -
    huawei honor 20 firmware *
    huawei honor 20 -
    huawei honor 20 pro firmware *
    huawei honor 20 pro -
    huawei honor v20 firmware *
    huawei honor v20 -
    huawei mate 20 pro firmware *
    huawei mate 20 pro -
    huawei mate 20 pro firmware *
    huawei mate 20 pro -
    huawei honor magic 2 firmware *
    huawei honor magic 2 -
    huawei p30 -
    huawei p30 pro -
    huawei mate 20 x -
    huawei mate 20 -
    huawei honor magic 2 -
    huawei honor view 20 -
    huawei mate 20 rs -
    huawei mate 20 pro -
    huawei honor 20 -
    huawei honor 20 pro -