CVE-2020-1831

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC.

CVSS v3 2.4 LOW
CVSS v2.0 1.9 LOW

2.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-04-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-05-29 21:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-1831

Mitre link : CVE-2020-1831

CVE.ORG link : CVE-2020-1831

JSON object : View

Products Affected

huawei

mate_20
mate_20_firmware

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2020-1831", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2020-05-29T21:15:10.023", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-04-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes HUAWEI Mate 20 con versiones anteriores a la 10.0.0.195(SP31C00E74R3P8), presentan una vulnerabilidad de autorizaci\u00f3n inapropiada. La funci\u00f3n digital balance no restringe suficientemente el tiempo de uso de determinados usuarios, una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un usuario romper el l\u00edmite de la funci\u00f3n digital balance despu\u00e9s de una serie de operaciones con un PC."}], "lastModified": "2020-06-02T17:25:31.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA74FD3B-6D38-4C6F-AC23-1474F03890B0", "versionEndExcluding": "10.0.0.195\\(sp31c00e74r3p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}