Main Vulnerability Database SB2019120506

SB2019120506 - Improper Authorization in Huawei Mate 20 Pro

Published: December 5, 2019

Security Bulletin ID SB2019120506

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Authorization (CVE-ID: CVE-2019-5250)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain operation of certain privilege. An attacker with physical access to the device can trick the victim to install a malicious application before the user turns on student mode function and bypass the limit of student mode function.

Remediation

Install update from vendor's website.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en