CVE-2020-9119 : There is a privilege escalation vulnerability on some Huawei smart phones due to

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.

Published 2020-12-24 16:15:16

Updated 2021-07-21 11:39:24

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2020-9119

Huawei » Mate 10 Firmware
Versions before (<) 10.0.0.189\(c185e6r1p3\)
cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 10 » Version: N/A
Huawei » Mate 30 Firmware
Versions before (<) 10.1.0.156\(c00e155r7p2\)
cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 30 » Version: N/A
Huawei » Mate 30 Pro Firmware
Versions before (<) 10.1.0.156\(c00e156r7p2\)
cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Mate 30 Pro » Version: N/A
Huawei » P40 Firmware
Versions before (<) 10.1.0.150\(sp1c00e150r4p1\)
cpe:2.3:o:huawei:p40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » P40 » Version: N/A
Huawei » P40 Pro Firmware
Versions before (<) 10.1.0.150\(sp1c00e150r4p1\)
cpe:2.3:o:huawei:p40_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » P40 Pro » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-9119

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-9119

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.2	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.3	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-9119

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en

Security Advisory - Privilege Escalation Vulnerability in Huawei Smartphone
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-9119

Products affected by CVE-2020-9119

Exploit prediction scoring system (EPSS) score for CVE-2020-9119

CVSS scores for CVE-2020-9119

References for CVE-2020-9119