Multiple vulnerabilities in HUAWEI Mate 20



Published: 2020-02-05 | Updated: 2020-05-27
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-1791
CVE-2020-1797
CWE-ID CWE-285
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Huawei Mate 20
Client/Desktop applications / Multimedia software

Vendor Huawei

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated 27.05.2020
Added vulnerability #2

1) Improper Authorization

EUVDB-ID: #VU24943

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1791

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the system has a logic judging error under certain scenario. An attacker with physical access to the device can switch to third desktop after a series of operation in ADB mode.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: before 10.0.0.185

before 10.0.0.185
CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Authorization

EUVDB-ID: #VU28294

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1797

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the affected system does not properly restrict certain operation in ADB mode. An attacker with physical access to the device can break the limit of digital balance function.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: before 10.0.0.185

before 10.0.0.185
CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###