CVE-2020-9119 - Vulnerability Details - OpenCVE

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Mate 10 Mate 10 Firmware Mate 30 Mate 30 Firmware Mate 30 Pro Mate 30 Pro Firmware P40 P40 Firmware P40 Pro P40 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:p40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p40:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:p40_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p40_pro:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-12-24T15:49:40.000Z

Updated: 2024-08-04T10:19:19.817Z

Reserved: 2020-02-18T00:00:00.000Z

Link: CVE-2020-9119

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-24T16:15:15.850

Modified: 2024-11-21T05:40:05.323

Link: CVE-2020-9119

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.0.0.189(C185E6R1P3)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.156(C00E155R7P2)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.156(C00E156R7P2)"}, {"status": "affected", "version": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"}]}], "descriptions": [{"lang": "en", "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-24T15:49:40.000Z", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9119", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro", "version": {"version_data": [{"version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"}, {"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"}, {"version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"}, {"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"}, {"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:19.817Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9119", "datePublished": "2020-12-24T15:49:40.000Z", "dateReserved": "2020-02-18T00:00:00.000Z", "dateUpdated": "2024-08-04T10:19:19.817Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A931DA3-C6A4-42FC-B1CB-4FEE4AF2C196", "versionEndExcluding": "10.0.0.189\\(c185e6r1p3\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DCF1F42-FD26-4B31-94F4-D1BCF27D826E", "versionEndExcluding": "10.1.0.156\\(c00e155r7p2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*", "matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E976B961-87D6-4D1D-9FD5-7F74AB7A9510", "versionEndExcluding": "10.1.0.156\\(c00e156r7p2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "488781A7-935E-4DD6-AD9D-A058067E10AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40B70EE4-542D-4D2D-9BBE-F0B43FAE4AB0", "versionEndExcluding": "10.1.0.150\\(sp1c00e150r4p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p40:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C2A5CA-8461-432B-9352-56B931B86C71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p40_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3702575-0E94-47BA-855A-5B737D18E4AE", "versionEndExcluding": "10.1.0.150\\(sp1c00e150r4p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p40_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "618CC89B-76FB-4D5D-8626-368370761C8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios en algunos tel\u00e9fonos inteligentes de Huawei debido a defectos de dise\u00f1o. El atacante necesita contactar f\u00edsicamente con el tel\u00e9fono m\u00f3vil y conseguir mayores privilegios, y ejecutar comandos relevantes, resultando en la promoci\u00f3n de privilegios del usuario"}], "id": "CVE-2020-9119", "lastModified": "2024-11-21T05:40:05.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-24T16:15:15.850", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}