CVE-2020-1808 : Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Ho

Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal.

Published 2020-05-15 14:15:12

Updated 2020-07-27 13:15:11

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2020-1808

Huawei » Honor View 20 Firmware
Versions before (<) 10.0.0.179\(c636e3r4p3\)
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor View 20 » Version: N/A
Huawei » Honor View 20 Firmware
Versions before (<) 10.0.0.180\(c185e3r3p3\)
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor View 20 » Version: N/A
Huawei » Honor View 20 Firmware
Versions before (<) 10.0.0.188\(c00e62r2p11\)
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor View 20 » Version: N/A
Huawei » Honor View 20 Firmware
Versions before (<) 10.0.0.180\(c432e10r3p4\)
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor View 20 » Version: N/A
Huawei » Honor 20 Firmware
Versions before (<) 10.0.0.187\(c00e60r4p11\)
cpe:2.3:o:huawei:honor_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor 20 » Version: N/A
Huawei » Honor Magic2 Firmware
Versions before (<) 10.0.0.176\(c00e60r2p11\)
cpe:2.3:o:huawei:honor_magic2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor Magic2 » Version: N/A
Huawei » Honor 20 Pro Firmware
Versions before (<) 10.0.0.187\(c00e60r4p11\)
cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor 20 Pro » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-1808

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1808

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2020-1808

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-1808

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-en

Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-1808

Products affected by CVE-2020-1808

Exploit prediction scoring system (EPSS) score for CVE-2020-1808

CVSS scores for CVE-2020-1808

CWE ids for CVE-2020-1808

References for CVE-2020-1808