7.8
CVE-2020-9080
- EPSS 0.02%
- Published 27.12.2024 10:15:10
- Last modified 10.01.2025 20:36:43
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ Mate 20 Pro Firmware Version10.1.0.135(c01e135r2p8)
Huawei ≫ Mate 20 Pro (ud) Firmware Version10.1.0.135(c00e135r3p8)
Huawei ≫ Nova 5i Firmware Version < 10.0.0.125\(c01e123r7p3\)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.02 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@huawei.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.