6.8

CVE-2020-9081

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)



This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

Data is provided by the National Vulnerability Database (NVD)
HuaweiMate 20 Firmware Version < 10.1.0.160\(c00e160r3p8\)
   HuaweiMate 20 Version-
HuaweiP30 Firmware Version < 10.1.0.160\(c00e160r2p11\)
   HuaweiP30 Version-
HuaweiP30 Pro Firmware Version < 10.1.0.160\(c00e160r2p8\)
   HuaweiP30 Pro Version-
HuaweiPrinceton-al10d Firmware Version < 10.1.0.160\(c00e160r2p11\)
   HuaweiPrinceton-al10d Version-
HuaweiYale-al00a Firmware Version < 10.1.0.160\(c00e160r8p12\)
   HuaweiYale-al00a Version-
HuaweiYale-al50a Firmware Version < 10.1.0.88\(c00e88r8p1\)
   HuaweiYale-al50a Version-
HuaweiYalep-al10b Firmware Version < 10.1.0.160\(c00e160r8p12\)
   HuaweiYalep-al10b Version-
HuaweiMate 20 Firmware Version < 10.1.0.160\(c01e160r2p8\)
   HuaweiMate 20 Version-
HuaweiP30 Pro Firmware Version < 10.1.0.160\(c01e160r2p8\)
   HuaweiP30 Pro Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.059
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@huawei.com 3.5 0.9 2.5
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.