Main Vulnerability Database Vulnerabilities #VU23086

Improper Authorization in Huawei Mate 20 RS - CVE-2019-5308

Published: November 29, 2019

Vulnerability identifier: #VU23086

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5308

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Mate 20 RS

Detailed vulnerability description

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain operation in ADB mode. An attacker with physical access to the device can switch to third desktop after a series of operation.

How to mitigate CVE-2019-5308

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-smartphone-en

Improper Authorization in Huawei Mate 20 RS - CVE-2019-5308

Detailed vulnerability description

How to mitigate CVE-2019-5308

Sources

Please verify you're human