CVE-2020-1838

Опубликовано: 06 июл. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 1.9

EPSS Низкий

Описание

HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

Версия до 10.1.0.150\(c00e136r5p3\) (исключая)

cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

5.5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-7334-vj9v-548q

github

больше 3 лет назад