Description
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Huawei / HUAWEI Mate 20 Pro10.1.0.135(C01E135R2P8) – 10.1.0.135(C01E135R2P8)
- Huawei / HUAWEI Mate 20 Pro (UD)10.1.0.135(C00E135R3P8) – 10.1.0.135(C00E135R3P8)
- Huawei / HUAWEI nova 5iVersions earlier than 10.0.0.125(C01E123R7P3) – Versions earlier than 10.0.0.125(C01E123R7P3)