Privilege escalation in several Huawei Smartphones



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-9119
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Huawei Mate 10
Client/Desktop applications / Multimedia software

Huawei Mate 30
Client/Desktop applications / Multimedia software

Huawei Mate 30 Pro
Client/Desktop applications / Multimedia software

Huawei P40
Client/Desktop applications / Multimedia software

Huawei P40 Pro
Client/Desktop applications / Multimedia software

Vendor Huawei

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU48797

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9119

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user  to escalate privileges on the system.

The vulnerability exists due to design defects. An administrator with physical access can execute relevant commands and escalate privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 10: before 10.0.0.189(C185E6R1P3)

Huawei Mate 30: before 10.1.0.156(C00E155R7P2)

Huawei Mate 30 Pro: before 10.1.0.156(C00E156R7P2)

Huawei P40: before 10.1.0.150(SP1C00E150R4P1)

Huawei P40 Pro: before 10.1.0.150(SP1C00E150R4P1)

CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###