CVE-2020-9073
Published May 15, 2020
Last updated 4 years ago
Overview
- Description
- Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CBA0F24-B073-4DEF-B8DF-4FE72940927C",
"versionEndExcluding": "10.0.0.156\\(c00e156r1p4\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]