CVE-2020-9089

Description

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

Huawei / HUAWEI P30 ProVersions earlier than 10.1.0.120(C431E19R2P5) – Versions earlier than 10.1.0.120(C431E19R2P5)
Huawei / HUAWEI P30 ProVersions earlier than 10.1.0.120(C432E19R2P5) – Versions earlier than 10.1.0.120(C432E19R2P5)
Huawei / HUAWEI P30 ProVersions earlier than 10.1.0.126(C10E11R5P1) – Versions earlier than 10.1.0.126(C10E11R5P1)
Huawei / HUAWEI P30 ProVersions earlier than 10.1.0.126(C461E11R3P1) – Versions earlier than 10.1.0.126(C461E11R3P1)

References

VENDOR_ADVISORYhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en