CVE-2020-9250

Description

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Huawei / HUAWEI Mate 20 ProVersions earlier than 10.1.0.160(C00E160R3P8) – Versions earlier than 10.1.0.160(C00E160R3P8)

References

VENDOR_ADVISORYhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en