Main Vulnerability Database SB2020012407

SB2020012407 - Improper Authorization in Huawei P10 Plus

Published: January 24, 2020

Security Bulletin ID SB2020012407

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Authorization (CVE-ID: CVE-2020-1872)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to a digital balance bypass issue. When re-configuring the mobile phone at the digital balance mode, an attacker with physical access to the device can perform some operations to bypass the startup wizard, then open some switch and bypass a digital balance function.

Remediation

Install update from vendor's website.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-digitalbalance-en