CVE-2020-9073

CWE-287Improper Authentication3 documents3 sources
Severity
2.4LOW
EPSS
0.0%
top 92.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P20 Firmware
Timeline
PublishedMay 15
Latest updateMay 24

Description

Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

NVDhuawei/p20_firmware< 10.0.0.156\(c00e156r1p4\)
CVEListV5p20Versions earlier than 10.0.0.156(C00E156R1P4)

🔴Vulnerability Details

2
GHSA
GHSA-48xv-3rm6-fh3c: Huawei P20 smartphones with versions earlier than 102022-05-24
CVEList
CVE-2020-9073: Huawei P20 smartphones with versions earlier than 102020-05-15