Description
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Huawei / HUAWEI Mate 20Versions earlier than 10.1.0.160(C00E160R3P8) – Versions earlier than 10.1.0.160(C00E160R3P8)
- Huawei / HUAWEI Mate 20Versions earlier than 10.1.0.160(C01E160R2P8) – Versions earlier than 10.1.0.160(C01E160R2P8)
- Huawei / HUAWEI P30Versions earlier than 10.1.0.160(C00E160R2P11) – Versions earlier than 10.1.0.160(C00E160R2P11)
- Huawei / HUAWEI P30 ProVersions earlier than 10.1.0.160(C00E160R2P8) – Versions earlier than 10.1.0.160(C00E160R2P8)
- Huawei / HUAWEI P30 ProVersions earlier than 10.1.0.160(C01E160R2P8) – Versions earlier than 10.1.0.160(C01E160R2P8)
- Huawei / Princeton-AL10DVersions earlier than 10.1.0.160(C00E160R2P11) – Versions earlier than 10.1.0.160(C00E160R2P11)
- Huawei / Yale-AL00AVersions earlier than 10.1.0.160(C00E160R8P12) – Versions earlier than 10.1.0.160(C00E160R8P12)
- Huawei / Yale-AL50AVersions earlier than 10.1.0.88(C00E88R8P1) – Versions earlier than 10.1.0.88(C00E88R8P1)
- Huawei / YaleP-AL10BVersions earlier than 10.1.0.160(C00E160R8P12) – Versions earlier than 10.1.0.160(C00E160R8P12)