CVE-2020-9081

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-9081
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*
History

10 Jan 2025, 20:37

Type Values Removed Values Added
First Time Huawei yale-al50a Firmware
Huawei yale-al00a
Huawei p30 Pro Firmware
Huawei mate 20
Huawei p30 Pro
Huawei yale-al00a Firmware
Huawei yalep-al10b Firmware
Huawei princeton-al10d Firmware
Huawei yalep-al10b
Huawei
Huawei mate 20 Firmware
Huawei p30 Firmware
Huawei princeton-al10d
Huawei p30
Huawei yale-al50a
CWE CWE-863
CPE cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*
Summary
  • (es) Existe una vulnerabilidad de autorización indebida en algunos teléfonos inteligentes Huawei. Un atacante podría realizar una serie de operaciones en un modo específico para explotar esta vulnerabilidad. Si lo hace con éxito, podría permitir al atacante eludir el bloqueo de la aplicación. (ID de vulnerabilidad: HWPSIRT-2019-12144) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposición común (CVE): CVE-2020-9081.
References () https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en - () https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en - Vendor Advisory

27 Dec 2024, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-27 10:15

Updated : 2025-01-10 20:37

NVD link : CVE-2020-9081

Mitre link : CVE-2020-9081

CVE.ORG link : CVE-2020-9081

JSON object : View

Products Affected

huawei

  • yale-al00a_firmware
  • yale-al50a_firmware
  • princeton-al10d_firmware
  • yalep-al10b_firmware
  • mate_20_firmware
  • mate_20
  • p30_pro
  • princeton-al10d
  • yalep-al10b
  • yale-al50a
  • p30
  • p30_firmware
  • yale-al00a
  • p30_pro_firmware
CWE
CWE-285

Improper Authorization

CWE-863

Incorrect Authorization