CVE-2020-9080 – This is a local privilege escalation vulnerabil... (How to Fix)

Q: What is the severity of CVE-2020-9080?

CVE-2020-9080 has a CVSS score of 7.8 (HIGH). This is a local privilege escalation vulnerability in Huawei smartphones that allows authenticated local attackers to gain elevated privileges. Attackers need physical or remote access to the device and valid credentials. The vulnerability affects Huawei smartphone users who haven't applied security updates.

📋 TL;DR

This is a local privilege escalation vulnerability in Huawei smartphones that allows authenticated local attackers to gain elevated privileges. Attackers need physical or remote access to the device and valid credentials. The vulnerability affects Huawei smartphone users who haven't applied security updates.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in advisory, but pre-August 2020 security updates

Operating Systems: Android-based Huawei EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Huawei smartphones with specific software versions before August 2020 security patches.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install persistent malware, access all user data, and bypass security controls.

🟠

Likely Case

Local attacker gains administrative privileges to install unauthorized apps, modify system settings, or access sensitive data.

🟢

If Mitigated

Attack fails due to patched system or lack of local access/credentials.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over internet.

🏢 Internal Only: MEDIUM - Physical device access or remote access with credentials required.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access and specific crafted input. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2020 security update or later

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en

Restart Required: Yes

Instructions:

1. Check for updates in Settings > System & updates > Software update. 2. Install August 2020 or later security update. 3. Restart device after installation.

🔧 Temporary Workarounds

Restrict physical access

all

Prevent unauthorized physical access to devices

Use strong authentication

all

Implement strong passwords/biometrics to reduce risk of credential compromise

🧯 If You Can't Patch

Isolate vulnerable devices from sensitive networks
Implement mobile device management (MDM) with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Build number for pre-August 2020 security patch level

Check Version:

Settings > About phone > Build number/Security patch level

Verify Fix Applied:

Verify security patch level is August 2020 or later in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

Unusual privilege escalation attempts in system logs
Unexpected process execution with elevated privileges

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

Not applicable for typical smartphone environments

📊 Metadata

CVE ID: CVE-2020-9080

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: December 27, 2024

Last Updated: January 10, 2025

🔗 References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-9080, you might also want to check these: