PT-2019-17532 · Huawei · Huawei Mate 20 Pro

Published

2019-12-13

Updated

2020-08-24

CVE-2019-5250

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huawei Mate 20 Pro versions prior to 9.1.0.135(C00E133R3P1)

Description The issue is related to improper authorization, where the software fails to properly restrict certain operations of certain privileges. An attacker could trick a user into installing a malicious application before the user enables the student mode function. If successfully exploited, this could allow the attacker to bypass the limitations of the student mode function.

Recommendations For versions prior to 9.1.0.135(C00E133R3P1), update to version 9.1.0.135(C00E133R3P1) or later to resolve the issue. As a temporary workaround, consider avoiding the installation of unknown or untrusted applications, especially before enabling the student mode function.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2019-5250

Affected Products

Huawei Mate 20 Pro

PT-2019-17532 · Huawei · Huawei Mate 20 Pro

CVE-2019-5250

Weakness Enumeration

Related Identifiers

Affected Products

References · 3