Lucene search

Huawei TechnologiesHUAWEI-SA-20200617-01-SMARTPHONE

HistoryJun 17, 2020 - 12:00 a.m.

Security Advisory - Insufficient Integrity Check Vulnerability in Several Smartphones

2020-06-1700:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

There is an insufficient integrity check vulnerability in several smartphones. The system does not check certain software package’s integrity sufficiently, successful exploit could allow an attacker to load a crafted software package to the device. (Vulnerability ID: HWPSIRT-2019-11020)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1834.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-01-smartphone-en

Affected configurations

Vulners

Node

huaweimate_s_firmwareRange<10.1.0.135

huaweimate_9_proRange<10.1.0.270

huaweimate_9_proRange<10.1.0.273

huaweimate_9_proRange<10.1.0.277

huaweimate_s_firmwareRange<10.1.0.135

huaweihuawei_p30Range<10.1.0.123

huaweihuawei_p30Range<10.1.0.126

huaweihuawei_p30Range<10.1.0.128

huaweihuawei_p30Range<10.1.0.135

huaweihuawei_p30Range<10.1.0.160

huaweihonor_view_20Range<10.0.0.179

huaweihonor_view_20Range<10.0.0.180

huaweilaya-al00epRange<10.1.0.135

huaweiprinceton-al10dRange<10.1.0.160

huaweiyale-l61cRange<9.1.0.179

huaweiyale-al50aRange<9.1.1.158

huaweiyale-l21aRange<10.0.0.184

CPENameOperatorVersion
huawei mate 20lt10.1.0.135
huawei mate 20lt10.1.0.135
huawei mate 20 prolt10.1.0.270
huawei mate 20 prolt10.1.0.270
huawei mate 20 prolt10.1.0.273
huawei mate 20 prolt10.1.0.273
huawei mate 20 prolt10.1.0.277
huawei mate 20 prolt10.1.0.277
huawei mate 20 prolt10.1.0.277
huawei mate 20 xlt10.1.0.135

Name	Operator	Version
huawei mate 20	lt	10.1.0.135
huawei mate 20	lt	10.1.0.135
huawei mate 20 pro	lt	10.1.0.270
huawei mate 20 pro	lt	10.1.0.270
huawei mate 20 pro	lt	10.1.0.273
huawei mate 20 pro	lt	10.1.0.273
huawei mate 20 pro	lt	10.1.0.277
huawei mate 20 pro	lt	10.1.0.277
huawei mate 20 pro	lt	10.1.0.277
huawei mate 20 x	lt	10.1.0.135

Rows per page:

1-10 of 291

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for HUAWEI-SA-20200617-01-SMARTPHONE