Main Vulnerability Database Vulnerabilities #VU24510

Improper Authorization in Huawei products - CVE-2020-1882

Published: January 24, 2020 / Updated: February 5, 2020

Vulnerability identifier: #VU24510

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1882

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Ever-L29B
Huawei Mate 20 RS
Huawei Mate 20 X
Huawei Honor Magic 2

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to improper authorization of some function. An authenticated attacker with physical access to the device can bypass the authorization to perform some operations.

How to mitigate CVE-2020-1882

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

Improper Authorization in Huawei products - CVE-2020-1882

Detailed vulnerability description

How to mitigate CVE-2020-1882

Sources

Please verify you're human