CVE-2020-9081Improper Authorization in Huawei Mate 20 Firmware

CWE-285Improper AuthorizationCWE-863Incorrect Authorization5 documents4 sources
Severity
6.8MEDIUMNVD
CNA3.5
EPSS
0.0%
top 97.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Huawei Mate 20 FirmwareHuawei P30 FirmwareHuawei P30 PRO Firmware+11 more
Timeline
PublishedDec 27

Description

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages14 packages

NVDhuawei/p30_firmware< 10.1.0.160\(c00e160r2p11\)
NVDhuawei/mate_20_firmware< 10.1.0.160\(c00e160r3p8\)+1
NVDhuawei/p30_pro_firmware< 10.1.0.160\(c00e160r2p8\)+1
NVDhuawei/yale-al00a_firmware< 10.1.0.160\(c00e160r8p12\)
NVDhuawei/yale-al50a_firmware< 10.1.0.88\(c00e88r8p1\)

🔴Vulnerability Details

2
GHSA
GHSA-hc6q-5pvq-h8ff: There is an improper authorization vulnerability in some Huawei smartphones2024-12-27
CVEList
CVE-2020-9081: There is an improper authorization vulnerability in some Huawei smartphones2024-12-27
CVE-2020-9081 — Improper Authorization in Huawei | cvebase