CVE-2020-1791 : HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerabilit

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode.

Published 2020-02-18 03:15:11

Updated 2021-07-21 11:39:24

Source Huawei Technologies

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-1791

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-1791

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
2.4	LOW	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	0.9	1.4	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2020-1791

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-smartphone-en

Security Advisory - Improper Authorization Vulnerability in Several Smartphones
Vendor Advisory

Products affected by CVE-2020-1791

Huawei » Mate 20 Firmware
Versions before (<) 10.0.0.185\(c00e74r3p8\)
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 20 » Version: N/A

Vulnerability Details : CVE-2020-1791

Exploit prediction scoring system (EPSS) score for CVE-2020-1791

CVSS scores for CVE-2020-1791

References for CVE-2020-1791

Products affected by CVE-2020-1791