Lucene search

[email protected]CVE-2019-5252

HistoryDec 14, 2019 - 12:15 a.m.

CVE-2019-5252

2019-12-1400:15:11

CWE-287

[email protected]

web.nvd.nist.gov

109

cve-2019-5252

huawei

smartphones

authentication

vulnerability

applock

bypass

3.5 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

23.8%

JSON

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.

Affected configurations

NVD

Node

huaweienjoy_8_plus_firmwareRange<9.1.0.124\(c00e112r1p6t8\)

AND

huaweienjoy_8_plusMatch-

Node

huaweiy9_firmwareRange<9.1.0.131\(c432e6r1p5t8\)

AND

huaweiy9Match-

Node

huaweihonor_8x_firmwareRange<9.1.0.217\(c00e15r3p2t8\)

AND

huaweihonor_8xMatch-

Node

huaweihonor_8x_firmwareRange<9.1.0.237\(c432e1r3p2t8\)

AND

huaweihonor_8xMatch-

Node

huaweihonor_8x_firmwareRange<9.1.0.237\(c636e2r4p1t8\)

AND

huaweihonor_8xMatch-

Node

huaweihonor_9_lite_firmwareRange<9.1.0.124\(c00e112r2p10t8\)

AND

huaweihonor_9_liteMatch-

Node

huaweihonor_9_lite_firmwareRange<9.1.0.136\(c636e5r1p5t8\)

AND

huaweihonor_9_liteMatch-

Node

huaweihonor_9i_firmwareRange<9.1.0.115\(c00e113r1p6t8\)

AND

huaweihonor_9iMatch-

Node

huaweihonor_9i_firmwareRange<9.1.0.122\(c636e4r1p4t8\)

AND

huaweihonor_9iMatch-

Node

huaweiy6_pro_firmwareRange<9.1.0.248\(c636e5r3p1\)

AND

huaweiy6_proMatch-

CPENameOperatorVersion
huawei:enjoy_8_plus_firmwarehuawei enjoy 8 plus firmwarelt9.1.0.124\(c00e112r1p6t8\)

CPE	Name	Operator	Version
huawei:enjoy_8_plus_firmware	huawei enjoy 8 plus firmware	lt	9.1.0.124\(c00e112r1p6t8\)

CNA Affected

[
  {
    "product": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en

3.5 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

23.8%

JSON

Related for CVE-2019-5252

huawei1 cvelist1 prion1 nvd1