CVE-2020-9089 - Vulnerability Details

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Huawei	P30 Pro P30 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en

History

Tue, 14 Jan 2025 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei p30 Pro Huawei p30 Pro Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:huawei:p30_pro:-:::::::* cpe:2.3:o:huawei:p30_pro_firmware::::::::
Vendors & Products		Huawei Huawei p30 Pro Huawei p30 Pro Firmware

Fri, 27 Dec 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Dec 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.
Weaknesses		CWE-200
References		https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2024-12-27T09:44:20.785Z

Updated: 2024-12-27T15:06:33.561Z

Reserved: 2020-02-18T00:00:00.000Z

Link: CVE-2020-9089

Vulnrichment

Updated: 2024-12-27T15:06:29.834Z

NVD

Status : Analyzed

Published: 2024-12-27T10:15:13.487

Modified: 2025-01-13T18:58:56.063

Link: CVE-2020-9089

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object