Lucene search

K
cve[email protected]CVE-2019-5252
HistoryDec 14, 2019 - 12:15 a.m.

CVE-2019-5252

2019-12-1400:15:11
CWE-287
web.nvd.nist.gov
109
cve-2019-5252
huawei
smartphones
authentication
vulnerability
applock
bypass

3.5 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

23.8%

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.

Affected configurations

NVD
Node
huaweienjoy_8_plus_firmwareRange<9.1.0.124\(c00e112r1p6t8\)
AND
huaweienjoy_8_plusMatch-
Node
huaweiy9_firmwareRange<9.1.0.131\(c432e6r1p5t8\)
AND
huaweiy9Match-
Node
huaweihonor_8x_firmwareRange<9.1.0.217\(c00e15r3p2t8\)
AND
huaweihonor_8xMatch-
Node
huaweihonor_8x_firmwareRange<9.1.0.237\(c432e1r3p2t8\)
AND
huaweihonor_8xMatch-
Node
huaweihonor_8x_firmwareRange<9.1.0.237\(c636e2r4p1t8\)
AND
huaweihonor_8xMatch-
Node
huaweihonor_9_lite_firmwareRange<9.1.0.124\(c00e112r2p10t8\)
AND
huaweihonor_9_liteMatch-
Node
huaweihonor_9_lite_firmwareRange<9.1.0.136\(c636e5r1p5t8\)
AND
huaweihonor_9_liteMatch-
Node
huaweihonor_9i_firmwareRange<9.1.0.115\(c00e113r1p6t8\)
AND
huaweihonor_9iMatch-
Node
huaweihonor_9i_firmwareRange<9.1.0.122\(c636e4r1p4t8\)
AND
huaweihonor_9iMatch-
Node
huaweiy6_pro_firmwareRange<9.1.0.248\(c636e5r3p1\)
AND
huaweiy6_proMatch-

CNA Affected

[
  {
    "product": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
      }
    ]
  }
]

3.5 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

23.8%

Related for CVE-2019-5252