CVE-2020-9119

EUVD-2020-29948
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
PHYSICAL
LOW
HIGH
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
huaweimate_10_firmware
𝑥
< 10.0.0.189\(c185e6r1p3\)
huaweimate_30_firmware
𝑥
< 10.1.0.156\(c00e155r7p2\)
huaweimate_30_pro_firmware
𝑥
< 10.1.0.156\(c00e156r7p2\)
huaweip40_firmware
𝑥
< 10.1.0.150\(sp1c00e150r4p1\)
huaweip40_pro_firmware
𝑥
< 10.1.0.150\(sp1c00e150r4p1\)
𝑥
= Vulnerable software versions
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en