Main Vulnerability Database Vulnerabilities #VU23411

Improper Authorization in Huawei Mate 20 Pro - CVE-2019-5250

Published: December 5, 2019

Vulnerability identifier: #VU23411

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5250

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Mate 20 Pro

Detailed vulnerability description

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain operation of certain privilege. An attacker with physical access to the device can trick the victim to install a malicious application before the user turns on student mode function and bypass the limit of student mode function.

How to mitigate CVE-2019-5250

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en

Improper Authorization in Huawei Mate 20 Pro - CVE-2019-5250

Detailed vulnerability description

How to mitigate CVE-2019-5250

Sources

Please verify you're human