mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
68 lines
2.6 KiB
JSON
68 lines
2.6 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2020-9076",
|
|
"ASSIGNER": "psirt@huawei.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "n/a",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "Versions earlier than 10.1.0.135(C00E135R2P11)"
|
|
},
|
|
{
|
|
"version_value": "Versions earlier than 10.1.0.135(C00E135R2P8),Versions earlier than 10.1.0.135(C01E135R2P8)"
|
|
},
|
|
{
|
|
"version_value": "Versions earlier than 10.1.0.137(C00E137R2P11)"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Improper Authentication"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en",
|
|
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL."
|
|
}
|
|
]
|
|
}
|
|
} |