CVE-2020-1835 - Vulnerability Details - OpenCVE

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Mate 30 Mate 30 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-06-18T13:51:21

Updated: 2024-08-04T06:46:31.062Z

Reserved: 2019-11-29T00:00:00

Link: CVE-2020-1835

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-18T14:15:11.263

Modified: 2024-11-21T05:11:27.693

Link: CVE-2020-1835

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HUAWEI Mate 30", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than 10.1.0.126(C00E125R5P3)"}]}], "descriptions": [{"lang": "en", "value": "HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-18T13:51:21", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-1835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI Mate 30", "version": {"version_data": [{"version_value": "Versions earlier than 10.1.0.126(C00E125R5P3)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:31.062Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-1835", "datePublished": "2020-06-18T13:51:21", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2024-08-04T06:46:31.062Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0349BAE0-7FA5-4298-88E8-79EFD767FD7D", "versionEndExcluding": "10.1.0.126\\(c00e125r5p3\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*", "matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure."}, {"lang": "es", "value": "HUAWEI Mate 30 con versiones anteriores a 10.1.0.126(C00E125R5P3), presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un error de juicio l\u00f3gico ocurre cuando el sistema maneja conexiones Bluetooth, un atacante podr\u00eda dise\u00f1ar un peer Bluetooth autenticado para iniciar el ataque. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n"}], "id": "CVE-2020-1835", "lastModified": "2024-11-21T05:11:27.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-18T14:15:11.263", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-02-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}