CVE-2020-1838

HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.

• CVE ID
• CVE-2020-1838

• Assigner
• psirt@huawei.com

• Vulnerability Status
• Analyzed

• Published Version
• 2020-07-06T19:15:12

• Last Modified Date
• 2020-07-09T14:39:46

• Version
• 2.0

• Vector String
• AV:L/AC:M/Au:N/C:N/I:P/A:N

• Access Vector
• LOCAL

• Access Compatibility
• MEDIUM

• Authentication
• NONE

• Confidentiality Impact
• NONE

• Integrity Impact
• PARTIAL

• Availability Impact
• NONE

• Base Score
• 1.9

• Severity
• LOW

• Exploitability Score
• 3.4

• Impact Score
• 2.9

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

• Attack Vector
• LOCAL

• Attack Compatibility
• LOW

• Privileges Required
• NONE

• User Interaction
• REQUIRED

• Scope
• UNCHANGED

• Confidentiality Impact
• NONE

• Availability Impact
• NONE

• Base Score
• 5.5

• Base Severity
• MEDIUM

• Exploitability Score
• 1.8

• Impact Score
• 3.6