Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-5252
HistoryDec 14, 2019 - 12:15 a.m.

CVE-2019-5252

2019-12-1400:15:11
CWE-287
[email protected]
web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

3.5 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.0%

JSON

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.

Affected configurations

NVD
Node
huaweienjoy_8_plus_firmwareRange<9.1.0.124\(c00e112r1p6t8\)
AND
huaweienjoy_8_plusMatch-
Node
huaweiy9_firmwareRange<9.1.0.131\(c432e6r1p5t8\)
AND
huaweiy9Match-
Node
huaweihonor_8x_firmwareRange<9.1.0.217\(c00e15r3p2t8\)
AND
huaweihonor_8xMatch-
Node
huaweihonor_8x_firmwareRange<9.1.0.237\(c432e1r3p2t8\)
AND
huaweihonor_8xMatch-
Node
huaweihonor_8x_firmwareRange<9.1.0.237\(c636e2r4p1t8\)
AND
huaweihonor_8xMatch-
Node
huaweihonor_9_lite_firmwareRange<9.1.0.124\(c00e112r2p10t8\)
AND
huaweihonor_9_liteMatch-
Node
huaweihonor_9_lite_firmwareRange<9.1.0.136\(c636e5r1p5t8\)
AND
huaweihonor_9_liteMatch-
Node
huaweihonor_9i_firmwareRange<9.1.0.115\(c00e113r1p6t8\)
AND
huaweihonor_9iMatch-
Node
huaweihonor_9i_firmwareRange<9.1.0.122\(c636e4r1p4t8\)
AND
huaweihonor_9iMatch-
Node
huaweiy6_pro_firmwareRange<9.1.0.248\(c636e5r3p1\)
AND
huaweiy6_proMatch-

Related

huawei 1
cvelist 1
prion 1
cve 1
huawei
huawei
Security Advisory - Improper Authentication Vulnerability in Smartphones
2019-12-04 00:00:00
cvelist
cvelist
CVE-2019-5252
2019-12-13 23:12:50
prion
prion
Authentication flaw
2019-12-14 00:15:00
cve
cve
CVE-2019-5252
2019-12-14 00:15:11

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

3.5 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.0%

JSON
Related for NVD:CVE-2019-5252
huawei1cvelist1prion1cve1