CVE-2020-9081

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-27 10:15

Updated : 2025-01-10 20:37

NVD link : CVE-2020-9081

Mitre link : CVE-2020-9081

CVE.ORG link : CVE-2020-9081

JSON object : View

Products Affected

huawei

p30_pro_firmware
yale-al00a
p30_firmware
p30
princeton-al10d
princeton-al10d_firmware
p30_pro
yale-al00a_firmware
mate_20_firmware
yale-al50a
yalep-al10b_firmware
yalep-al10b
yale-al50a_firmware
mate_20

CWE

CWE-285

Improper Authorization

CWE-863

Incorrect Authorization

{"id": "CVE-2020-9081", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-12-27T10:15:10.937", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081."}, {"lang": "es", "value": "Existe una vulnerabilidad de autorizaci\u00f3n indebida en algunos tel\u00e9fonos inteligentes Huawei. Un atacante podr\u00eda realizar una serie de operaciones en un modo espec\u00edfico para explotar esta vulnerabilidad. Si lo hace con \u00e9xito, podr\u00eda permitir al atacante eludir el bloqueo de la aplicaci\u00f3n. (ID de vulnerabilidad: HWPSIRT-2019-12144) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9081."}], "lastModified": "2025-01-10T20:37:44.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "165A8717-DD86-4BC0-AB3C-BD7F92DF68CD", "versionEndExcluding": "10.1.0.160\\(c00e160r3p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29C7558A-D8B6-4773-A14D-38EDFFD96E5E", "versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4818ECF7-B4D4-4AF4-9DAA-FE08F56B26FC", "versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C262C7-C463-4F74-8F6B-6BF9B4FDCBCF", "versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11E6B825-CA55-4BEC-8279-3F33F7CC93EE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDC1976-E07B-4464-84DB-EACAE30D97E5", "versionEndExcluding": "10.1.0.160\\(c00e160r8p12\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "562D05D2-CC9E-4973-9E8D-B40C0ED6C721"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "752648AA-54F7-40EF-AC48-BAD6F9F31579", "versionEndExcluding": "10.1.0.88\\(c00e88r8p1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77360A45-7501-4243-812A-D8C3403D1F03"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A68AFA26-2D0F-4896-AB42-4E3327935F9D", "versionEndExcluding": "10.1.0.160\\(c00e160r8p12\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A7D81385-913B-4A38-A712-41CAE7B78DF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2B578A-E6CE-413D-890B-20AC7EAEE59C", "versionEndExcluding": "10.1.0.160\\(c01e160r2p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62637079-D8B3-4D71-8686-250C289C2957", "versionEndExcluding": "10.1.0.160\\(c01e160r2p8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}