CVE-2020-9073

Опубликовано: 15 мая 2020

Источник: nvd

CVSS3: 2.4

CVSS2: 2.1

EPSS Низкий

Описание

Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-01-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-01-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*

Версия до 10.0.0.156\(c00e156r1p4\) (исключая)

cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00026

Низкий

2.4 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-48xv-3rm6-fh3c

github

больше 3 лет назад