CVE-2020-1882 - OpenCVE

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Mate 20 X Firmware Ever-l29b Firmware Mate 20 Rs Mate 20 Rs Firmware Honor Magic2 Ever-l29b Honor Magic2 Firmware Mate 20 X

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_rs:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:honor_magic2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_magic2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-02-17T23:43:27

Updated: 2020-02-17T23:43:27

Reserved: 2019-11-29T00:00:00

Link: CVE-2020-1882

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-18T00:15:11.460

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-1882

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Ever-L29B", "vendor": "Huawei", "versions": [{"status": "affected", "version": "earlier than 10.0.0.180(C185E6R3P3)"}, {"status": "affected", "version": "earlier than 10.0.0.180(C432E6R1P7)"}, {"status": "affected", "version": "earlier than 10.0.0.180(C636E5R2P3)"}]}, {"product": "HUAWEI Mate 20 RS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "earlier than 10.0.0.175(C786E70R3P8)"}]}, {"product": "HUAWEI Mate 20 X", "vendor": "Huawei", "versions": [{"status": "affected", "version": "earlier than 10.0.0.176(C00E70R2P8)"}]}, {"product": "Honor Magic2", "vendor": "Huawei", "versions": [{"status": "affected", "version": "earlier than 10.0.0.175(C00E59R2P11)"}]}], "descriptions": [{"lang": "en", "value": "Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations."}], "problemTypes": [{"descriptions": [{"description": "Improper Authorization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T23:43:27", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-1882", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ever-L29B", "version": {"version_data": [{"version_value": "earlier than 10.0.0.180(C185E6R3P3)"}, {"version_value": "earlier than 10.0.0.180(C432E6R1P7)"}, {"version_value": "earlier than 10.0.0.180(C636E5R2P3)"}]}}, {"product_name": "HUAWEI Mate 20 RS", "version": {"version_data": [{"version_value": "earlier than 10.0.0.175(C786E70R3P8)"}]}}, {"product_name": "HUAWEI Mate 20 X", "version": {"version_data": [{"version_value": "earlier than 10.0.0.176(C00E70R2P8)"}]}}, {"product_name": "Honor Magic2", "version": {"version_data": [{"version_value": "earlier than 10.0.0.175(C00E59R2P11)"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-1882", "datePublished": "2020-02-17T23:43:27", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2020-02-17T23:43:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BA794B3-655E-433D-93E0-2E30518047B2", "versionEndExcluding": "10.0.0.175\\(c786e70r3p8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_rs:-:*:*:*:*:*:*:*", "matchCriteriaId": "99DD3EC3-7E9B-4904-8317-C3528D1CAFEA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1FD50E7-D070-4757-BEBB-56A03E50885D", "versionEndExcluding": "10.0.0.176\\(c00e70r2p8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_magic2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51133684-7686-4963-B4F3-AE717B099483", "versionEndExcluding": "10.0.0.175\\(c00e59r2p11\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_magic2:-:*:*:*:*:*:*:*", "matchCriteriaId": "86489593-F6E2-480E-9381-540FA4256A84", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "374EC3D2-C052-4F03-B5AC-312D811ECC9C", "versionEndExcluding": "10.0.0.180\\(c185e6r3p3\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEB4EC14-14DE-4AAF-A951-071B4E39270A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F95B6E-95CB-4A0D-801B-7ACC66F2ACF4", "versionEndExcluding": "10.0.0.180\\(c432e6r1p7\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEB4EC14-14DE-4AAF-A951-071B4E39270A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ever-l29b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4C190EC-017C-430E-95E6-E89F30790B06", "versionEndExcluding": "10.0.0.180\\(c636e5r2p3\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEB4EC14-14DE-4AAF-A951-071B4E39270A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations."}, {"lang": "es", "value": "Los tel\u00e9fonos m\u00f3viles Huawei Ever-L29B versiones anteriores a 10.0.0.180(C185E6R3P3), anteriores a 10.0.0.180(C432E6R1P7), anteriores a 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versiones anteriores a 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versiones anteriores a 10.0.0.176(C00E70R2P8); y Honor Magic2 versiones anteriores a 10.0.0.175(C00E59R2P11), presentan una vulnerabilidad de autorizaci\u00f3n inapropiada. Debido a una autorizaci\u00f3n inapropiada de alguna funci\u00f3n, un atacante puede omitir la autorizaci\u00f3n para llevar a cabo algunas operaciones."}], "id": "CVE-2020-1882", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-18T00:15:11.460", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}