PT-2020-15111 · Huawei · Huawei Mate 30 Pro
Wish Wu
·
Published
2020-07-06
·
Updated
2020-07-09
·
CVE-2020-1838
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
HUAWEI Mate 30 Pro versions earlier than 10.1.0.150(C00E136R5P3)
Description
The device has an improper authentication issue where it does not sufficiently validate certain credentials of a user's face. An attacker could craft the credential of the user, and a successful exploit could allow the attacker to pass the authentication with the crafted credential.
Recommendations
For versions earlier than 10.1.0.150(C00E136R5P3), update to version 10.1.0.150(C00E136R5P3) or later to resolve the issue. As a temporary workaround, consider disabling face authentication until a patch is available. Restrict access to sensitive features that rely on face authentication to minimize the risk of exploitation.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Mate 30 Pro