PT-2020-20477 · Huawei · Tony-Al00B+2
Published
2020-06-15
·
Updated
2020-06-20
·
CVE-2020-9076
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
HUAWEI P30 versions earlier than 10.1.0.135
HUAWEI P30 Pro versions earlier than 10.1.0.135
Tony-AL00B smartphones versions earlier than 10.1.0.135
Description
The issue is related to an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through a man-in-the-middle attack to induce the user to access a malicious URL.
Recommendations
For HUAWEI P30 versions earlier than 10.1.0.135, update to version 10.1.0.135 or later.
For HUAWEI P30 Pro versions earlier than 10.1.0.135, update to version 10.1.0.135 or later.
For Tony-AL00B smartphones versions earlier than 10.1.0.135, update to version 10.1.0.135 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei P30
Huawei P30 Pro
Tony-Al00B