SB2020020511 - Multiple vulnerabilities in HUAWEI Mate 20

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authorization (CVE-ID: CVE-2020-1791)

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the system has a logic judging error under certain scenario. An attacker with physical access to the device can switch to third desktop after a series of operation in ADB mode.

2) Improper Authorization (CVE-ID: CVE-2020-1797)

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the affected system does not properly restrict certain operation in ADB mode. An attacker with physical access to the device can break the limit of digital balance function.

Remediation

Install update from vendor's website.

References

• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-smartphone-en
• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en