CVE-2020-9143 — Missing Authentication for Critical Function in Huawei Emui

CWE-306 — Missing Authentication for Critical Function CWE-287 — Improper Authentication4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 75.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Emui Huawei Magic UI

Timeline

PublishedJan 13

Latest updateMay 24

Description

There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhuawei/emui5 versions+4

▶NVDhuawei/magic_ui4 versions+3

🔴Vulnerability Details

GHSA

GHSA-w8j2-273f-92wh: There is a missing authentication vulnerability in some Huawei smartphone↗2022-05-24

▶

CVEList

CVE-2020-9143: There is a missing authentication vulnerability in some Huawei smartphone↗2021-01-13

▶

💬Community

Bugzilla

CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service↗2019-03-01

▶