CVE-2020-1844

Vulnerability

A privilege escalation vulnerability exists in Huawei PCManager products. The flaw resides in versions earlier than 10.0.5.51. An authenticated, local attacker can perform a specific operation to trigger the vulnerability. The exact code path is not publicly detailed, but the attack requires local access and valid authentication on the affected system [1].

Exploitation

To exploit this vulnerability, an attacker must have local access to the system and be authenticated as a user. The attacker then performs a specific operation (not further described in the advisory) that leverages the flaw to escalate privileges. No user interaction beyond the attacker's own actions is required [1].

Impact

Successful exploitation allows the attacker to obtain a higher privilege level than originally held. This could lead to full compromise of the affected system, including the ability to execute arbitrary code with elevated permissions, access sensitive data, or modify system configurations [1].

Mitigation

Huawei has released software updates to fix this vulnerability. The resolved version is PCManager 10.0.5.51. Users should upgrade to this version or later. No workarounds are provided in the advisory. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].