Main Vulnerability Database Vulnerabilities #VU23411

#VU23411 Improper Authorization in Huawei Mate 20 Pro - CVE-2019-5250

Published: December 5, 2019

Vulnerability identifier: #VU23411

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5250

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Huawei Mate 20 Pro

Software vendor:
Huawei

Description

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain operation of certain privilege. An attacker with physical access to the device can trick the victim to install a malicious application before the user turns on student mode function and bypass the limit of student mode function.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en