- Description
- There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).
- Source
- psirt@huawei.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACAAEF39-37E2-43CE-94E2-59C07E2A1B3D",
"versionEndExcluding": "10.0.0.205\\(c00e202r7p2\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "488781A7-935E-4DD6-AD9D-A058067E10AD"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB853D3C-4E2A-41A8-8BF7-C0055311DA71",
"versionEndExcluding": "10.0.0.205\\(c00e201r7p2\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]