CVE-2020-9119Improper Privilege Management in Huawei Mate 10 Firmware

CWE-269Improper Privilege Management3 documents3 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 91.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Huawei Mate 10 FirmwareHuawei Mate 30 FirmwareHuawei Mate 30 PRO Firmware+2 more
Timeline
PublishedDec 24
Latest updateMay 24

Description

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages5 packages

NVDhuawei/p40_firmware< 10.1.0.150\(sp1c00e150r4p1\)
NVDhuawei/mate_10_firmware< 10.0.0.189\(c185e6r1p3\)
NVDhuawei/mate_30_firmware< 10.1.0.156\(c00e155r7p2\)
NVDhuawei/p40_pro_firmware< 10.1.0.150\(sp1c00e150r4p1\)
NVDhuawei/mate_30_pro_firmware< 10.1.0.156\(c00e156r7p2\)

🔴Vulnerability Details

2
GHSA
GHSA-5v7h-9v5g-w2x6: There is a privilege escalation vulnerability on some Huawei smart phones due to design defects2022-05-24
CVEList
CVE-2020-9119: There is a privilege escalation vulnerability on some Huawei smart phones due to design defects2020-12-24
CVE-2020-9119 — Improper Privilege Management in Huawei | cvebase