Platform
huawei
Component
huawei-mate-20-pro
Fixed in
10.1.1
10.1.1
10.0.1
CVE-2020-9080 describes a privilege management vulnerability discovered in the Huawei Mate 20 Pro smartphone. A local, authenticated attacker can craft specific inputs to exploit this flaw, potentially leading to local privilege escalation. This vulnerability affects devices running versions prior to 10.0.0.125(C01E123R7P3), and a fix is available in version 10.0.1.
Successful exploitation of CVE-2020-9080 allows a local, authenticated attacker to elevate their privileges on the Huawei Mate 20 Pro device. This means an attacker who already has some level of access to the phone (e.g., a user account) could gain root or administrator-level access. The attacker could then potentially access sensitive data, install malicious software, or modify system settings without proper authorization. While the vulnerability requires local access and authentication, the potential impact of privilege escalation is significant, allowing for complete control over the device's functionality and data.
CVE-2020-9080 was disclosed publicly on December 27, 2024. The vulnerability is not currently listed on the CISA KEV catalog. There are no publicly available proof-of-concept exploits at this time. Given the requirement for local, authenticated access, the immediate risk of widespread exploitation is considered relatively low, but diligent patching is still essential.
Users of Huawei Mate 20 Pro devices running versions prior to 10.0.0.125(C01E123R7P3) are at risk. This includes individuals who have not yet applied security updates and organizations that manage fleets of these devices. Users who have enabled developer options or root access on their devices may be at higher risk.
• windows / supply-chain: Check for unusual process executions with elevated privileges. Monitor system logs for attempts to modify system files or settings. Use Sysinternals tools like Process Monitor to identify suspicious activity.
• linux / server: Examine system logs (e.g., /var/log/auth.log) for unusual login attempts or privilege escalation patterns. Use auditd to monitor file system access and modifications.
• generic web: N/A - This vulnerability is specific to the device's operating system and does not directly involve web components.
disclosure
Exploit Status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2020-9080 is to upgrade the Huawei Mate 20 Pro to version 10.0.1 or later. Huawei has released this update to address the vulnerability. If upgrading is not immediately possible, consider limiting user privileges and implementing stricter access controls to minimize the potential impact of a successful attack. While a direct workaround isn’t available, regular security audits and monitoring for suspicious activity are recommended. After upgrading, confirm the successful update by navigating to Settings > About Phone > Software Version and verifying the version number is 10.0.1 or higher.
Update your HUAWEI Mate 20 Pro device to a version later than 10.1.0.135 that includes the fix for the privilege escalation vulnerability. Check for available software updates through the system settings or the Huawei support website.
CVE-2020-9080 is a vulnerability in the Huawei Mate 20 Pro that allows a local, authenticated attacker to escalate their privileges, potentially gaining full control of the device.
You are affected if you are using a Huawei Mate 20 Pro with software version 10.0.0.125(C01E123R7P3) or earlier.
Upgrade your Huawei Mate 20 Pro to version 10.0.1 or later by checking for software updates in Settings > About Phone > Software Update.
There are currently no publicly known active exploitation campaigns targeting CVE-2020-9080, but diligent patching is still recommended.
Refer to the Huawei security vulnerability announcement for CVE-2020-9080 on the Huawei website (search for HWPSIRT-2020-05272).