Main Vulnerability Database Vulnerabilities #VU24510

#VU24510 Improper Authorization in Huawei products - CVE-2020-1882

Published: January 24, 2020 / Updated: February 5, 2020

Vulnerability identifier: #VU24510

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1882

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Huawei Ever-L29B
Huawei Mate 20 RS
Huawei Mate 20 X
Huawei Honor Magic 2

Software vendor:
Huawei

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to improper authorization of some function. An authenticated attacker with physical access to the device can bypass the authorization to perform some operations.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

#VU24510 Improper Authorization in Huawei products - CVE-2020-1882

Description

Remediation

External links

Please verify you're human