CVE-2020-1794

Опубликовано: 20 мар. 2020

Источник: nvd

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

Версия до 10.0.0.188\(c00e74r3p8\) (исключая)

cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

Версия до 10.0.0.203\(c00e202r7p2\) (исключая)

cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-4fvr-4264-574g

github

больше 3 лет назад