CVE-2020-9244 — MEDIUM (6.8)

Q: How severe is CVE-2020-9244?

CVE-2020-9244 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-9244?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 20 Firmware, Huawei Mate 20, Huawei Mate 20 Pro Firmware, Huawei Mate 20 Pro, Huawei Mate 20 X Firmware.

Vulnerability Description

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Mate 20 Firmware	< 10.1.0.160\(c00e160r3p8\)
Huawei	Mate 20	-
Huawei	Mate 20 Pro Firmware	< 10.1.0.270\(c431e7r1p5\)
Huawei	Mate 20 Pro	-
Huawei	Mate 20 X Firmware	< 10.1.0.160\(c00e160r2p8\)
Huawei	Mate 20 X	-
Huawei	P30 Firmware	< 10.1.0.160\(c00e160r2p11\)
Huawei	P30	-
Huawei	P30 Pro Firmware	< 10.1.0.160\(c00e160r2p8\)
Huawei	P30 Pro	-
Huawei	Mate 20 Rs Firmware	< 10.1.0.160\(c786e160r3p8\)
Huawei	Mate 20 Rs	-
Huawei	Honor Magic 2 Firmware	< 10.0.0.187\(c00e61r2p11\)
Huawei	Honor Magic 2	-
Huawei	Honor 20 Firmware	< 10.0.0.175\(c00e58r4p11\)
Huawei	Honor 20	-
Huawei	Honor 20 Pro Firmware	< 10.0.0.194\(c00e62r8p12\)
Huawei	Honor 20 Pro	-
Huawei	Honor V20 Firmware	< 10.0.0.188\(c00e62r2p11\)
Huawei	Honor V20	-

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartpVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartpVendor Advisory

FAQ

What is CVE-2020-9244?

CVE-2020-9244 is a vulnerability with a CVSS score of 6.8 (MEDIUM). HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions ear...

How severe is CVE-2020-9244?

CVE-2020-9244 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9244?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 20 Firmware, Huawei Mate 20, Huawei Mate 20 Pro Firmware, Huawei Mate 20 Pro, Huawei Mate 20 X Firmware.