CVE-2020-9244 : HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mat

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged

Published 2020-08-11 19:15:18

Updated 2021-07-21 11:39:24

Source Huawei Technologies

View at NVD, CVE.org

Products affected by CVE-2020-9244

Huawei » Honor Magic 2 Firmware
Versions before (<) 10.0.0.187\(c00e61r2p11\)
cpe:2.3:o:huawei:honor_magic_2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor Magic 2 » Version: N/A
Huawei » Mate 20 Firmware
Versions before (<) 10.1.0.160\(c00e160r3p8\)
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 » Version: N/A
Huawei » P30 Firmware
Versions before (<) 10.1.0.160\(c00e160r2p11\)
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » P30 » Version: N/A
Huawei » P30 Pro Firmware
Versions before (<) 10.1.0.160\(c00e160r2p8\)
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » P30 Pro » Version: N/A
Huawei » Mate 20 X Firmware
Versions before (<) 10.1.0.160\(c00e160r2p8\)
cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 X » Version: N/A
Huawei » Honor V20 Firmware
Versions before (<) 10.0.0.188\(c00e62r2p11\)
cpe:2.3:o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor V20 » Version: N/A
Huawei » Mate 20 Rs Firmware
Versions before (<) 10.1.0.160\(c786e160r3p8\)
cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 Rs » Version: N/A
Huawei » Mate 20 Pro Firmware
Versions before (<) 10.1.0.273\(c636e7r2p4\)
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 Pro » Version: N/A
Huawei » Mate 20 Pro Firmware
Versions before (<) 10.1.0.270\(c431e7r1p5\)
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 Pro » Version: N/A
Huawei » Mate 20 Pro Firmware
Versions before (<) 10.1.0.270\(c635e3r1p5\)
cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 Pro » Version: N/A
Huawei » Honor 20 Firmware
Versions before (<) 10.0.0.175\(c00e58r4p11\)
cpe:2.3:o:huawei:honor_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor 20 » Version: N/A
Huawei » Honor 20 Pro Firmware
Versions before (<) 10.0.0.194\(c00e62r8p12\)
cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor 20 Pro » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-9244

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-9244

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-9244

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en

Security Advisory - Improper Authentication Vulnerability in Several Smartphones
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-9244

Products affected by CVE-2020-9244

Exploit prediction scoring system (EPSS) score for CVE-2020-9244

CVSS scores for CVE-2020-9244

References for CVE-2020-9244