ID CVE-2019-5252Type cveReporter cve@mitre.orgModified 2019-12-27T01:37:00
Description
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
{"id": "CVE-2019-5252", "bulletinFamily": "NVD", "title": "CVE-2019-5252", "description": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.", "published": "2019-12-14T00:15:00", "modified": "2019-12-27T01:37:00", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5252", "reporter": "cve@mitre.org", "references": ["https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"], "cvelist": ["CVE-2019-5252"], "type": "cve", "lastseen": "2020-12-09T21:41:54", "edition": 11, "viewCount": 83, "enchantments": {"dependencies": {"references": [{"type": "huawei", "idList": ["HUAWEI-SA-20191204-01-SMARTPHONE"]}], "modified": "2020-12-09T21:41:54", "rev": 2}, "score": {"value": 2.6, "vector": "NONE", "modified": "2020-12-09T21:41:54", "rev": 2}, "vulnersScore": 2.6}, "cpe": [], "affectedSoftware": [{"cpeName": "huawei:enjoy_8_plus_firmware", "name": "huawei enjoy 8 plus firmware", "operator": "lt", "version": "9.1.0.124\\(c00e112r1p6t8\\)"}, {"cpeName": "huawei:honor_8x_firmware", "name": "huawei honor 8x firmware", "operator": "lt", "version": "9.1.0.217\\(c00e15r3p2t8\\)"}, {"cpeName": "huawei:honor_8x_firmware", "name": "huawei honor 8x firmware", "operator": "lt", "version": "9.1.0.237\\(c432e1r3p2t8\\)"}, {"cpeName": "huawei:honor_9i_firmware", "name": "huawei honor 9i firmware", "operator": "lt", "version": "9.1.0.122\\(c636e4r1p4t8\\)"}, {"cpeName": "huawei:y9_firmware", "name": "huawei y9 firmware", "operator": "lt", "version": "9.1.0.131\\(c432e6r1p5t8\\)"}, {"cpeName": "huawei:y6_pro_firmware", "name": "huawei y6 pro firmware", "operator": "lt", "version": "9.1.0.248\\(c636e5r3p1\\)"}, {"cpeName": "huawei:honor_9_lite_firmware", "name": "huawei honor 9 lite firmware", "operator": "lt", "version": "9.1.0.124\\(c00e112r2p10t8\\)"}, {"cpeName": "huawei:honor_9i_firmware", "name": "huawei honor 9i firmware", "operator": "lt", "version": "9.1.0.115\\(c00e113r1p6t8\\)"}, {"cpeName": "huawei:honor_8x_firmware", "name": "huawei honor 8x firmware", "operator": "lt", "version": "9.1.0.237\\(c636e2r4p1t8\\)"}, {"cpeName": "huawei:honor_9_lite_firmware", "name": "huawei honor 9 lite firmware", "operator": "lt", "version": "9.1.0.136\\(c636e5r1p5t8\\)"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 2.5}, "cpe23": [], "cwe": ["CWE-287"], "scheme": null, "affectedConfiguration": [{"cpeName": "huawei:y9", "name": "huawei y9", "operator": "eq", "version": "-"}, {"cpeName": "huawei:enjoy_8_plus", "name": "huawei enjoy 8 plus", "operator": "eq", "version": "-"}, {"cpeName": "huawei:honor_8x", "name": "huawei honor 8x", "operator": "eq", "version": "-"}, {"cpeName": "huawei:honor_9_lite", "name": "huawei honor 9 lite", "operator": "eq", "version": "-"}, {"cpeName": "huawei:honor_9i", "name": "huawei honor 9i", "operator": "eq", "version": "-"}, {"cpeName": "huawei:y6_pro", "name": "huawei y6 pro", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_9_lite_firmware:9.1.0.136\\(c636e5r1p5t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.136\\(c636e5r1p5t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_9_lite_firmware:9.1.0.124\\(c00e112r2p10t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.124\\(c00e112r2p10t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_8x:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_8x_firmware:9.1.0.237\\(c432e1r3p2t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.237\\(c432e1r3p2t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:y9:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:y9_firmware:9.1.0.131\\(c432e6r1p5t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.131\\(c432e6r1p5t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_9i_firmware:9.1.0.122\\(c636e4r1p4t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.122\\(c636e4r1p4t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:enjoy_8_plus_firmware:9.1.0.124\\(c00e112r1p6t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.124\\(c00e112r1p6t8\\)", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:enjoy_8_plus:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:y6_pro_firmware:9.1.0.248\\(c636e5r3p1\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.248\\(c636e5r3p1\\)", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:y6_pro:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_8x:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_8x_firmware:9.1.0.237\\(c636e2r4p1t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.237\\(c636e2r4p1t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_8x:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_8x_firmware:9.1.0.217\\(c00e15r3p2t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.217\\(c00e15r3p2t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:honor_9i_firmware:9.1.0.115\\(c00e113r1p6t8\\):*:*:*:*:*:*:*", "versionEndExcluding": "9.1.0.115\\(c00e113r1p6t8\\)", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}
{"huawei": [{"lastseen": "2019-12-04T13:30:39", "bulletinFamily": "software", "cvelist": ["CVE-2019-5252"], "description": "Products\n\nSwitches\nRouters\nWLAN\nStorage\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nIntelligent Computing\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nIndustry Cloud Enablement Service\nImprovement Service\nCustomer Support Service\nSee All\n\n\n\nPartner\n\nFind a Partner\nChannel Partner Program\nBecome a Partner\nOpenLab\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\nPre-Sale Resource Center\n\nGo to Full Support", "edition": 1, "modified": "2019-12-04T00:00:00", "published": "2019-12-04T00:00:00", "id": "HUAWEI-SA-20191204-01-SMARTPHONE", "href": "https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-smartphone-en", "title": "Security Advisory - Improper Authentication Vulnerability in Smartphones", "type": "huawei", "cvss": {"score": 0.0, "vector": "NONE"}}]}
