Security Advisory - Improper Authorization Vulnerability in some Huawei Smartphones

2020-08-2600:00:00

Huawei Technologies

www.huawei.com

0 Low

EPSS

Percentile

0.0%

JSON

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-15-smartphone-en

Affected configurations

Vulners

Node

huaweihonor_20Range<10.1.0.160

huaweihuawei_p30Range<10.1.0.160

huaweiprinceton-al10dRange<10.1.0.160

huaweiyale-al50aRange<10.1.0.160

huaweiyale-al50aRange<10.1.0.88

huaweiyalep-al10bRange<10.1.0.160

CPENameOperatorVersion
huawei mate 20lt10.1.0.160
huawei mate 20lt10.1.0.160
huawei p30lt10.1.0.160
huawei p30 prolt10.1.0.160
huawei p30 prolt10.1.0.160
princeton-al10dlt10.1.0.160
yale-al00alt10.1.0.160
yale-al50alt10.1.0.88
yalep-al10blt10.1.0.160

Name	Operator	Version
huawei mate 20	lt	10.1.0.160
huawei mate 20	lt	10.1.0.160
huawei p30	lt	10.1.0.160
huawei p30 pro	lt	10.1.0.160
huawei p30 pro	lt	10.1.0.160
princeton-al10d	lt	10.1.0.160
yale-al00a	lt	10.1.0.160
yale-al50a	lt	10.1.0.88
yalep-al10b	lt	10.1.0.160

0 Low

EPSS

Percentile

0.0%

JSON

Related for HUAWEI-SA-20200826-15-SMARTPHONE

cve1