CVE-2020-9226

EPSS 0.04%
Published 06.07.2020 19:15:12
Last modified 21.11.2024 05:40:11
Source psirt@huawei.com
Teams watchlist Login
Open Login

HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ P30 Firmware Version < 10.1.0.135\(c00e135r2p11\)

Huawei ≫ P30 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.096

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-02-smartphone-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-9226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9226

EUVD