#VU47196 Information disclosure


Published: 2020-09-30

Vulnerability identifier: #VU47196

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9109

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Huawei Mate 20
Client/Desktop applications / Multimedia software
Huawei Mate 20 X
Client/Desktop applications / Multimedia software
Huawei P30 Pro
Client/Desktop applications / Multimedia software
Laya-AL00EP
Hardware solutions / Firmware
Huawei Tony-AL00B
Hardware solutions / Firmware
huawei Tony-TL00B
Hardware solutions / Firmware

Vendor: Huawei

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the affected device does not sufficiently validate the identity of smart wearable device. A local administrator can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: All versions

Huawei Mate 20 X : All versions

Huawei P30 Pro: All versions

Laya-AL00EP: All versions

Huawei Tony-AL00B: All versions

huawei Tony-TL00B: All versions


CPE

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability