Main Vulnerability Database Vulnerabilities #VU26213

Improper Authentication in Huawei Mate 20 and Huawei Mate 30 Pro - CVE-2020-1796

Published: March 19, 2020

Vulnerability identifier: #VU26213

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1796

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Mate 20
Huawei Mate 30 Pro

Detailed vulnerability description

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error in authorization process to certain user. An authenticated attacker with physical access can bypass authentication process and perform certain operation which the user are supposed not to do.

How to mitigate CVE-2020-1796

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-05-smartphone-en

Improper Authentication in Huawei Mate 20 and Huawei Mate 30 Pro - CVE-2020-1796

Detailed vulnerability description

How to mitigate CVE-2020-1796

Sources

Please verify you're human