CVE-2020-1796

Опубликовано: 20 мар. 2020

Источник: nvd

CVSS3: 6.6

CVSS2: 4.6

EPSS Низкий

Описание

There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-05-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-05-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

Версия до 10.0.0.188\(c00e74r3p8\) (включая)

cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

Версия до 10.0.0.203\(c00e202r7p2\) (включая)

cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

6.6 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-xxfv-6426-45jv

github

около 3 лет назад