Vulnerability-Lookup

CNVD-2020-02968

Vulnerability from cnvd - Published: 2020-01-20

Title

Huawei Honor V30授权问题漏洞

Description

Huawei Honor V30是一款智能手机。 Huawei Honor V30 10.0.1.135(C00E130R4P1)之前版本中存在授权问题漏洞，该漏洞源于系统中的应用对调用其接口的另一个应用未能进行合适的身份校验，攻击者可通过诱使用户安装恶意的应用程序利用该漏洞进行未授权的操作，获取信息。

Severity

中

Patch Name

Huawei Honor V30授权问题漏洞的补丁

Patch Description

Huawei Honor V30是一款智能手机。 Huawei Honor V30 10.0.1.135(C00E130R4P1)之前版本中存在授权问题漏洞，该漏洞源于系统中的应用对调用其接口的另一个应用未能进行合适的身份校验，攻击者可通过诱使用户安装恶意的应用程序利用该漏洞进行未授权的操作，获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-02-smartphone-cn

Reference

https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-02-smartphone-cn

Impacted products

Name
Huawei Honor V30 <10.0.1.135(C00E130R4P1)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1788"
    }
  },
  "description": "Huawei Honor V30\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\nHuawei Honor V30 10.0.1.135(C00E130R4P1)\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u4e2d\u7684\u5e94\u7528\u5bf9\u8c03\u7528\u5176\u63a5\u53e3\u7684\u53e6\u4e00\u4e2a\u5e94\u7528\u672a\u80fd\u8fdb\u884c\u5408\u9002\u7684\u8eab\u4efd\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-02-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-02968",
  "openTime": "2020-01-20",
  "patchDescription": "Huawei Honor V30\u662f\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Honor V30 10.0.1.135(C00E130R4P1)\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u4e2d\u7684\u5e94\u7528\u5bf9\u8c03\u7528\u5176\u63a5\u53e3\u7684\u53e6\u4e00\u4e2a\u5e94\u7528\u672a\u80fd\u8fdb\u884c\u5408\u9002\u7684\u8eab\u4efd\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Honor V30\u6388\u6743\u95ee\u9898\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Honor V30 \u003c10.0.1.135(C00E130R4P1)"
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-02-smartphone-cn",
  "serverity": "\u4e2d",
  "submitTime": "2020-01-17",
  "title": "Huawei Honor V30\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2020-1788 (GCVE-0-2020-1788)

Vulnerability from cvelistv5 – Published: 2020-01-21 22:49 – Updated: 2024-08-04 06:46

Summary

Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure.

Severity

No CVSS data available.

CWE

Improper Authentication

Assigner

huawei

References

1 reference

URL	Tags
https://www.huawei.com/en/psirt/security-advisori…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Honor V30	Affected: Versions earlier than 10.0.1.135(C00E130R4P1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Honor V30",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier than 10.0.1.135(C00E130R4P1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T22:49:53.000Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Honor V30",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier than 10.0.1.135(C00E130R4P1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1788",
    "datePublished": "2020-01-21T22:49:53.000Z",
    "dateReserved": "2019-11-29T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:46:30.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-02968

CVE-2020-1788 (GCVE-0-2020-1788)

Tags

Sightings

Nomenclature