#VU24509 Improper Authorization in Huawei P10 Plus - CVE-2020-1872
Published: January 24, 2020
Vulnerability identifier: #VU24509
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1872
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei P10 Plus
Huawei P10 Plus
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to a digital balance bypass issue. When re-configuring the mobile phone at the digital balance mode, an attacker with physical access to the device can perform some operations to bypass the startup wizard, then open some switch and bypass a digital balance function.
Remediation
Install updates from vendor's website.