VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 27, 2024· Updated Dec 27, 2024

CVE-2020-9080

CVE-2020-9080

Description

There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local privilege escalation vulnerability in Huawei smartphones due to improper privilege management allows an authenticated attacker to gain elevated privileges.

Vulnerability

An improper privilege management vulnerability exists in Huawei smartphone products, including HUAWEI Mate 20 Pro (versions 10.1.0.135(C01E135R2P8) and 10.1.0.135(C00E135R3P8)), HUAWEI Mate 20 Pro (UD) (version 10.1.0.135(C00E135R3P8)), and HUAWEI nova 5i (versions earlier than 10.0.0.125(C01E123R7P3)). The vulnerability allows a local, authenticated attacker to exploit the improper privilege management. [1]

Exploitation

An attacker with local access and authentication can craft a specific input to trigger the vulnerability. The exact sequence of steps is not detailed in the available references, but the attack requires the attacker to be authenticated on the device. [1]

Impact

Successful exploitation leads to local privilege escalation, allowing the attacker to gain elevated privileges on the affected device. This could result in unauthorized access to sensitive data or system functions. [1]

Mitigation

Huawei has released software updates to fix this vulnerability. For HUAWEI Mate 20 Pro and Mate 20 Pro (UD), the resolved version is 10.1.0.163. For HUAWEI nova 5i, the resolved version is 10.0.0.125(C01E123R7P3). The advisory was initially released on 2020-08-19. No workarounds are mentioned, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]

References
  1. Security Advisory - Improper Privilege Management Vulnerability in Huawei Smartphone Product

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Huawei/HUAWEI Mate 20cpe-rescue2 versions
    10.1.0.135(C01E135R2P8)+ 1 more
    • (no CPE)range: 10.1.0.135(C01E135R2P8)
    • (no CPE)range: 10.1.0.135(C00E135R3P8)
  • Huawei/HUAWEI nova 5iv5
    Range: Versions earlier than 10.0.0.125(C01E123R7P3)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.