CVE-2020-9244
Last modified
CVE-2020-9244 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate 20 Firmware | < 10.1.0.160\(c00e160r3p8\) |
| Huawei | Mate 20 Pro Firmware | < 10.1.0.270\(c431e7r1p5\) |
| Huawei | Mate 20 X Firmware | < 10.1.0.160\(c00e160r2p8\) |
| Huawei | P30 Firmware | < 10.1.0.160\(c00e160r2p11\) |
| Huawei | P30 Pro Firmware | < 10.1.0.160\(c00e160r2p8\) |
| Huawei | Mate 20 Rs Firmware | < 10.1.0.160\(c786e160r3p8\) |
| Huawei | Honor Magic 2 Firmware | < 10.0.0.187\(c00e61r2p11\) |
| Huawei | Honor 20 Firmware | < 10.0.0.175\(c00e58r4p11\) |
| Huawei | Honor 20 Pro Firmware | < 10.0.0.194\(c00e62r8p12\) |
| Huawei | Honor V20 Firmware | < 10.0.0.188\(c00e62r2p11\) |
| Huawei | Mate 20 Pro Firmware | < 10.1.0.270\(c635e3r1p5\) |
| Huawei | Mate 20 Pro Firmware | < 10.1.0.273\(c636e7r2p4\) |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9244?
How severe is CVE-2020-9244?
How do I fix CVE-2020-9244?
Are you affected by CVE-2020-9244?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST