CVE-2020-9089

Summary

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.

Affected Software

VendorProductVersion RangeStatus
HuaweiHUAWEI P30 ProVersions earlier than 10.1.0.120(C431E19R2P5)affected
HuaweiHUAWEI P30 ProVersions earlier than 10.1.0.120(C432E19R2P5)affected
HuaweiHUAWEI P30 ProVersions earlier than 10.1.0.126(C10E11R5P1)affected
HuaweiHUAWEI P30 ProVersions earlier than 10.1.0.126(C461E11R3P1)affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References