| |
Vulnerability CVE-2020-1788
Published: 2020-01-21 Modified: 2020-01-22
Description: |
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. |
Type:
CWE-287 (Improper Authentication)
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en
|
|
|
Copyright 2024, cxsecurity.com
|
|
|