Privilege escalation in Huawei Mate 20 Pro
CVE-2020-9080
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalati…
Vulnerability class: Privilege Escalation
EPSS: 0.001 (2.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Huawei Mate 20 Pro — versions 10.1.0.135(C01E135R2P8)
- Huawei Mate 20 Pro (Ud) — versions 10.1.0.135(C00E135R3P8)
- Huawei Nova 5i — versions Versions earlier than 10.0.0.125(C01E123R7P3)
- Huawei Mate_20_pro
- Huawei Mate_20_pro_firmware — versions 10.1.0.135\(c01e135r2p8\)
- Huawei Mate_20_pro_\(ud\)
- Huawei Mate_20_pro_\(ud\)_firmware — versions 10.1.0.135\(c00e135r3p8\)
- Huawei Nova_5i
- Huawei Nova_5i_firmware
Weakness classification (CWE)
Public proof-of-concept exploits
References
- psirt@huawei.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2020-9080?
- CVE-2020-9080 is a high-severity vulnerability in Huawei Mate 20 Pro, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2024-12-27.
- How severe is CVE-2020-9080?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2020-9080 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.