CVE-2020-9251

CWE-287Improper Authentication5 documents4 sources
Severity
2.4LOW
EPSS
0.0%
top 92.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P30 Firmware
Timeline
PublishedJul 27
Latest updateMay 24

Description

HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8).

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5huawei_mate_20Versions earlier than 10.1.0.160(C00E160R2P11)
NVDhuawei/p30_firmware< 10.1.0.160\(c00e160r3p8\)

🔴Vulnerability Details

2
GHSA
GHSA-gx64-5mxv-c598: HUAWEI Mate 20 smartphones with versions earlier than 102022-05-24
CVEList
CVE-2020-9251: HUAWEI Mate 20 smartphones with versions earlier than 102020-07-27

📋Vendor Advisories

2
Oracle
Oracle Oracle Retail Applications Risk Matrix: Promotions (jQuery) — CVE-2015-92512020-07-15
Oracle
Oracle Oracle Knowledge Risk Matrix: Information Manager Console, Web Applications - InfoCenter (jQuery) — CVE-2015-92512020-04-15
CVE-2020-9251 (LOW CVSS 2.4) | HUAWEI Mate 20 smartphones with ver | cvebase.io