Improper Authorization in Huawei Mate 20 - CVE-2020-9251
Published: July 22, 2020
Vulnerability identifier: #VU31758
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9251
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei Mate 20
Huawei Mate 20
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to the affected software does not properly restrict certain operation in certain scenario. An attacker with physical access to the device can do certain configuration before the user turns on student mode function and bypass the limit of student mode function.
Remediation
Install updates from vendor's website.