Huawei Smart Phone Insufficient Authentication Vulnerability
CVE-2020-9250 Published on December 20, 2024
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.
Vulnerability Analysis
CVE-2020-9250 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Types
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2020-9250 has been classified to as an authentification vulnerability or weakness.
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2020-9250
Want to know whenever a new CVE is published for Huawei Mate 20 Pro Firmware? stack.watch will email you.
Affected Versions
HUAWEI Mate 20 Pro Version Versions earlier than 10.1.0.160(C00E160R3P8) is affected by CVE-2020-9250Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.