SB2020031907 - Multiple vulnerabilities in Huawei Mate 20 and Mate 30 Pro
Published: March 19, 2020 Updated: October 14, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Business Logic Errors (CVE-ID: CVE-2020-1795)
The vulnerability allows a local user to compromise the target device.
The vulnerability exists due to the affected software does not properly restrict certain operation when the Digital Balance function is on. An authenticated attacker with physical access can bypass the Digital Balance limit after a series of operations.
2) Improper Authentication (CVE-ID: CVE-2020-1794)
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to the applock does not perform a sufficient authentication in certain scenarios. An attacker with physical access can bypass authentication process and gain certain data of the application which is locked.
3) Improper Authentication (CVE-ID: CVE-2020-1793)
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to the applock does not perform a sufficient authentication in certain scenarios. An attacker with physical access can bypass authentication process and gain certain data of the application which is locked.
4) Improper Authentication (CVE-ID: CVE-2020-1796)
The vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to an error in authorization process to certain user. An authenticated attacker with physical access can bypass authentication process and perform certain operation which the user are supposed not to do.
5) Improper Authorization (CVE-ID: CVE-2020-1807)
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to the affected software does not properly restrict certain user's modification of certain configuration file. An attacker with physical access to the device can bypass app lock after a series of operation in ADB mode.
6) Buffer overflow (CVE-ID: CVE-2020-9113)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker on the local network can craft Bluetooth messages after successful paring, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-04-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-05-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-bluetooth-en