CVE-2020-9245 - OpenCVE

HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	P30 P30 Firmware P30 Pro P30 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-08-10T19:28:04

Updated: 2024-08-04T10:19:20.131Z

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9245

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-10T20:15:11.923

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-9245

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HUAWEI P30, HUAWEI P30 Pro", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.160(C00E160R2P11)"}]}, {"product": "HUAWEI P30, HUAWEI P30 Pro", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.160(C00E160R2P8)"}]}], "descriptions": [{"lang": "en", "value": "HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-10T19:28:04", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9245", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI P30, HUAWEI P30 Pro", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"}]}}]}, "vendor_name": "n/a"}, {"product": {"product_data": [{"product_name": "HUAWEI P30, HUAWEI P30 Pro", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:20.131Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9245", "datePublished": "2020-08-10T19:28:04", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-08-04T10:19:20.131Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*", "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29C7558A-D8B6-4773-A14D-38EDFFD96E5E", "versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4818ECF7-B4D4-4AF4-9DAA-FE08F56B26FC", "versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function."}, {"lang": "es", "value": "HUAWEI P30 versiones anteriores a 10.1.0.160(C00E160R2P11); HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8), presentan una vulnerabilidad de denegaci\u00f3n de servicio. Determinada configuraci\u00f3n del sistema puede ser modificada debido a una autorizaci\u00f3n inapropiada. El atacante podr\u00eda enga\u00f1ar al usuario instalando y ejecutando una aplicaci\u00f3n maliciosa, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio de la funci\u00f3n PHONE"}], "id": "CVE-2020-9245", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-10T20:15:11.923", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}