CVE-2020-9076 - OpenCVE

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	P30 P30 Firmware P30 Pro P30 Pro Firmware Tony-al00b Tony-al00b Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-06-15T15:07:13

Updated: 2024-08-04T10:19:19.771Z

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9076

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-15T16:15:23.270

Modified: 2020-06-20T18:48:51.287

Link: CVE-2020-9076

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.135(C00E135R2P11)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.135(C00E135R2P8),Versions earlier than 10.1.0.135(C01E135R2P8)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.137(C00E137R2P11)"}]}], "descriptions": [{"lang": "en", "value": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL."}], "problemTypes": [{"descriptions": [{"description": "Improper Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-15T15:07:13", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9076", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.135(C00E135R2P11)"}, {"version_value": "Versions earlier than 10.1.0.135(C00E135R2P8),Versions earlier than 10.1.0.135(C01E135R2P8)"}, {"version_value": "Versions earlier than 10.1.0.137(C00E137R2P11)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:19.771Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9076", "datePublished": "2020-06-15T15:07:13", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-08-04T10:19:19.771Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*", "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E435BD0-2D12-4A15-BF67-4E83C1848884", "versionEndExcluding": "10.1.0.135\\(c00e135r2p11\\)", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5A64DE-1846-44E8-AA2D-E2EF15F308AA", "versionEndExcluding": "10.1.0.135\\(c00e135r2p8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B88F6982-D7F1-409D-A73C-4E439CA2CAD5", "versionEndExcluding": "10.1.0.135\\(c01e135r2p8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E14B978-2A3C-4F55-8E3A-BA41AB137C33", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "63B310F0-9165-48E3-9609-6CA49D6E10C5", "versionEndExcluding": "10.1.0.137\\(c00e137r2p11\\)", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes HUAWEI P30; HUAWEI P30 Pro; Tony-AL00B con versiones anteriores a 10.1.0.135(C00E135R2P11); versiones anteriores a 10.1.0.135(C00E135R2P8),versiones anteriores a 10.1.0.135, presentan una vulnerabilidad de autenticaci\u00f3n inapropiada. Debido a que la identidad del remitente del mensaje no est\u00e1 siendo verificada apropiadamente, un atacante puede explotar esta vulnerabilidad por medio de un ataque de tipo man-in-the-middle para inducir a un usuario a acceder a una URL maliciosa"}], "id": "CVE-2020-9076", "lastModified": "2020-06-20T18:48:51.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-15T16:15:23.270", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}