CVE-2020-9080

Published: Dec 27, 2024Modified: Jan 10, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.

Affected (3)

Products: Huawei: Mate 20 Pro Firmware, Mate 20 Pro (ud) Firmware, Nova 5i Firmware

Huawei

3 products

Mate 20 Pro Firmware

Mate 20 Pro (ud) Firmware

Nova 5i Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 20 Pro Firmware	Version 10.1.0.135(c01e135r2p8)

Running on/with	Platform Versions
Huawei Mate 20 Pro	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 20 Pro (ud) Firmware	Version 10.1.0.135(c00e135r3p8)

Running on/with	Platform Versions
Huawei Mate 20 Pro (ud)	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nova 5i Firmware	Before 10.0.0.125\(c01e123r7p3\)

Running on/with	Platform Versions
Huawei Nova 5i	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

Timeline

No history available yet.