CVE-2020-1882

4.6MEDIUM

Key Information:

Vendor: Huawei
Status: Ever-l29b; Huawei Mate 20 Rs; Huawei Mate 20 X; Honor Magic2
Vendor: CVE Published:; 18 February 2020

Summary

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.

Affected Version(s)

Ever-L29B earlier than 10.0.0.180(C185E6R3P3)

Ever-L29B earlier than 10.0.0.180(C432E6R1P7)

Ever-L29B earlier than 10.0.0.180(C636E5R2P3)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2020
Vulnerability Reserved
Nov 29, 2019