Privilege escalation in Huawei Mate_20_pro
CVE-2019-5250
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into…
Vulnerability class: Privilege Escalation
EPSS: 0.006 (44.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Huawei Mate_20_pro
- Huawei Mate_20_pro_firmware
- N/a Mate 20 Pro — versions Versions earlier than 9.1.0.135(C00E133R3P1)
Weakness classification (CWE)
References
- psirt@huawei.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2019-5250?
- CVE-2019-5250 is a high-severity vulnerability in Huawei Mate_20_pro, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2019-12-13.
- How severe is CVE-2019-5250?
- High severity. CVSS v3 base score is 7.8 out of 10.