Improper Authorization in Huawei Mate 20 - CVE-2020-1807

 

Improper Authorization in Huawei Mate 20 - CVE-2020-1807

Published: April 23, 2020 / Updated: May 5, 2020


Vulnerability identifier: #VU27237
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1807
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
Huawei Mate 20

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain user's modification of certain configuration file. An attacker with physical access to the device can bypass app lock after a series of operation in ADB mode.


How to mitigate CVE-2020-1807

Install updates from vendor's website.

Sources