CVE-2020-9119 - OpenCVE

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Mate 30 Firmware P40 Pro Firmware Mate 10 Mate 30 Pro Firmware P40 Firmware P40 P40 Pro Mate 10 Firmware Mate 30 Pro Mate 30

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:p40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p40:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:p40_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p40_pro:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-12-24T15:49:40

Updated: 2020-12-24T15:49:40

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9119

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-24T16:15:15.850

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-9119

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.0.0.189(C185E6R1P3)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.156(C00E155R7P2)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.156(C00E156R7P2)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"}]}], "descriptions": [{"lang": "en", "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-24T15:49:40", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9119", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro", "version": {"version_data": [{"version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"}, {"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"}, {"version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"}, {"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"}, {"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9119", "datePublished": "2020-12-24T15:49:40", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2020-12-24T15:49:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A931DA3-C6A4-42FC-B1CB-4FEE4AF2C196", "versionEndExcluding": "10.0.0.189\\(c185e6r1p3\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DCF1F42-FD26-4B31-94F4-D1BCF27D826E", "versionEndExcluding": "10.1.0.156\\(c00e155r7p2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*", "matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E976B961-87D6-4D1D-9FD5-7F74AB7A9510", "versionEndExcluding": "10.1.0.156\\(c00e156r7p2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "488781A7-935E-4DD6-AD9D-A058067E10AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40B70EE4-542D-4D2D-9BBE-F0B43FAE4AB0", "versionEndExcluding": "10.1.0.150\\(sp1c00e150r4p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p40:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C2A5CA-8461-432B-9352-56B931B86C71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p40_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3702575-0E94-47BA-855A-5B737D18E4AE", "versionEndExcluding": "10.1.0.150\\(sp1c00e150r4p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p40_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "618CC89B-76FB-4D5D-8626-368370761C8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios en algunos tel\u00e9fonos inteligentes de Huawei debido a defectos de dise\u00f1o. El atacante necesita contactar f\u00edsicamente con el tel\u00e9fono m\u00f3vil y conseguir mayores privilegios, y ejecutar comandos relevantes, resultando en la promoci\u00f3n de privilegios del usuario"}], "id": "CVE-2020-9119", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-24T16:15:15.850", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}