CVE-2020-9081

Summary

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

Affected Software

VendorProductVersion RangeStatus
HuaweiHUAWEI Mate 20Versions earlier than 10.1.0.160(C00E160R3P8)affected
HuaweiHUAWEI Mate 20Versions earlier than 10.1.0.160(C01E160R2P8)affected
HuaweiHUAWEI P30Versions earlier than 10.1.0.160(C00E160R2P11)affected
HuaweiHUAWEI P30 ProVersions earlier than 10.1.0.160(C00E160R2P8)affected
HuaweiHUAWEI P30 ProVersions earlier than 10.1.0.160(C01E160R2P8)affected
HuaweiPrinceton-AL10DVersions earlier than 10.1.0.160(C00E160R2P11)affected
HuaweiYale-AL00AVersions earlier than 10.1.0.160(C00E160R8P12)affected
HuaweiYale-AL50AVersions earlier than 10.1.0.88(C00E88R8P1)affected
HuaweiYaleP-AL10BVersions earlier than 10.1.0.160(C00E160R8P12)affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References