CVE-2020-9080 — Improper Privilege Management in Huawei Nova 5I Firmware

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nova 5I Firmware Huawei Mate 20 PRO Huawei Nova 5I +1 more

Timeline

PublishedDec 27

Description

There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDhuawei/nova_5i_firmware< 10.0.0.125\(c01e123r7p3\)

▶CVEListV5huawei/huawei_nova_5iVersions earlier than 10.0.0.125(C01E123R7P3)

▶CVEListV5huawei/huawei_mate_20_pro10.1.0.135(C00E135R3P8), 10.1.0.135(C01E135R2P8)+1

▶NVDhuawei/mate_20_pro_firmware10.1.0.135\(c00e135r3p8\), 10.1.0.135\(c01e135r2p8\)+1

🔴Vulnerability Details

CVEList

CVE-2020-9080: There is an improper privilege management vulnerability in Huawei smart phone product↗2024-12-27

▶

GHSA

GHSA-w867-8ghv-295x: There is an improper privilege management vulnerability in Huawei smart phone product↗2024-12-27

▶