Vulnerabilites related to huawei - honor_9_lite_firmware
cve-2019-5252
Vulnerability from cvelistv5
Published
2019-12-13 23:12
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro |
Version: Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:12:50",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5252",
"datePublished": "2019-12-13T23:12:50",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7946
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | Huawei Honor 7A, Huawei Honor 9 Lite |
Version: Huawei Honorinformation leak 7A the versions before 8.0.0.195(C00), Huawei Honor 9 Lite the versions before 8.0.0.182(C01) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Huawei Honor 7A, Huawei Honor 9 Lite",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Huawei Honorinformation leak 7A the versions before 8.0.0.195(C00), Huawei Honor 9 Lite the versions before 8.0.0.182(C01)"
}
]
}
],
"datePublic": "2018-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T21:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Huawei Honor 7A, Huawei Honor 9 Lite",
"version": {
"version_data": [
{
"version_value": "Huawei Honorinformation leak 7A the versions before 8.0.0.195(C00), Huawei Honor 9 Lite the versions before 8.0.0.182(C01)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7946",
"datePublished": "2018-11-27T22:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5251
Vulnerability from cvelistv5
Published
2019-12-13 14:30
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s |
Version: Versions earlier than 9.1.0.333(C00E333R2P1T8) Version: Versions earlier than 9.1.0.226(C00E220R2P1) Version: Versions earlier than 9.1.0.130(C00E115R2P8T8) Version: Versions earlier than 9.1.0.139(C00E133R3P1) Version: Versions earlier than 9.1.0.130(C00E112R2P10T8) Version: Versions earlier than 9.1.0.143(C636E5R1P5T8) Version: Versions earlier than 9.1.0.120(C00E113R1P6T8) Version: Versions earlier than 9.1.1.150(C00E150R1P150) Version: Versions earlier than 9.1.0.226(C00E210R2P1) Version: Versions earlier than 9.1.1.132(C00E131R6P1) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.226(C00E220R2P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C00E115R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.139(C00E133R3P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C00E112R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.143(C636E5R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C00E113R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.1.150(C00E150R1P150)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.226(C00E210R2P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.1.132(C00E131R6P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T14:30:18",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.226(C00E220R2P1)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C00E115R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.139(C00E133R3P1)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C00E112R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.143(C636E5R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C00E113R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.1.150(C00E150R1P150)"
},
{
"version_value": "Versions earlier than 9.1.0.226(C00E210R2P1)"
},
{
"version_value": "Versions earlier than 9.1.1.132(C00E131R6P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5251",
"datePublished": "2019-12-13T14:30:18",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5264
Vulnerability from cvelistv5
Published
2019-12-13 23:00
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 |
Version: Versions earlier than 9.0.0.167(C00E85R2P20T8) Version: Versions earlier than 9.0.0.159(C432E4R1P9T8) Version: Versions earlier than 9.0.0.177(C185E2R1P12T8) Version: Versions earlier than 9.0.0.159(C636E2R1P12T8) Version: Versions earlier than 9.0.0.167(C00E87R2P15T8) Version: Versions earlier than 9.0.0.159(C185E2R1P13T8) Version: Versions earlier than 9.0.0.161(C432E4R1P11T8) Version: Versions earlier than 9.0.0.159(C636E2R1P13T8) Version: Versions earlier than 9.0.0.156(C00E156R2P14T8) Version: Versions earlier than 9.0.0.159(C636E3R1P12T8) Version: Versions earlier than 9.1.0.107(C00E107R2P8T8) Version: Versions earlier than 9.1.0.119(C636E5R1P1T8) Version: Versions earlier than 9.1.0.130(C432E8R1P5T8) Version: Versions earlier than 9.1.0.111(C00E111R1P6T8) Version: Versions earlier than 9.1.0.115(C432E5R1P1T8) Version: Versions earlier than 9.1.0.120(C636E5R1P1T8) Version: Versions earlier than 9.1.0.113(C00E111R2P10T8) Version: Versions earlier than 9.1.0.118(C636E4R1P1T8) Version: Versions earlier than 9.1.0.118(C185E4R1P4T8) Version: Versions earlier than 9.1.0.121(C432E4R1P3T8) Version: Versions earlier than 9.1.0.112(C00E112R1P6T8) Version: Versions earlier 9.1.0.106(SP53C636E2R1P4T8) Version: Versions earlier than 9.0.1.158(C432E6R1P8T8) Version: Versions earlier than 9.0.1.159(C636E6R1P8T8) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:00:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5264",
"datePublished": "2019-12-13T23:00:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-12-13 15:15
Modified
2024-11-21 04:44
Severity ?
Summary
There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | enjoy_7s_firmware | * | |
| huawei | enjoy_7s | - | |
| huawei | mate_20_firmware | * | |
| huawei | mate_20 | - | |
| huawei | honor_9_lite_firmware | * | |
| huawei | honor_9_lite | - | |
| huawei | honor_9i_firmware | * | |
| huawei | honor_9i | - | |
| huawei | m6_firmware | * | |
| huawei | m6 | - | |
| huawei | p30_pro_firmware | * | |
| huawei | p30_pro | - | |
| huawei | honor_20s_firmware | * | |
| huawei | honor_20s | - | |
| huawei | honor_9_lite_firmware | * | |
| huawei | honor_9_lite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B394D790-9589-4FC3-8B51-47B9F6E241D2",
"versionEndExcluding": "9.1.0.333\\(c00e333r2p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76BF8190-0F8E-4BEF-81C6-FE409F6B812A",
"versionEndExcluding": "9.1.0.226\\(c00e220r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:enjoy_7s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29CD79B3-14E0-44A4-B9DE-4C4A47449626",
"versionEndExcluding": "9.1.0.130\\(c00e115r2p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:enjoy_7s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40688207-579D-444D-A594-54E65069B6A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BE6DA3-8840-4B23-8F78-632112A2B039",
"versionEndExcluding": "9.1.0.139\\(c00e133r3p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6154A71C-59D9-47C0-B7CA-AC837CB70E32",
"versionEndExcluding": "9.1.0.143\\(c636e5r1p5t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA66B4F-B5D6-485B-A741-1D08C03957E0",
"versionEndExcluding": "9.1.0.120\\(c00e113r1p6t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:m6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC9664F-3422-4630-B917-326BDC4AF0BE",
"versionEndExcluding": "9.1.1.150\\(c00e150r1p150\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "996B603A-E8F8-408D-A204-BB0638498F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B07F3-0A6C-4102-976F-2E787311AA12",
"versionEndExcluding": "9.1.0.226\\(c00e210r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_20s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEBB5CD-2714-4761-A0C7-D97D24D267B6",
"versionEndExcluding": "9.1.1.132\\(c00e131r6p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_20s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1442135-75BB-4C2C-8BBF-354CB0978489",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9024A1-9F5A-4953-AE7C-6AB9926C0BBB",
"versionEndExcluding": "9.1.0.130\\(c00e112r2p10t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de salto de ruta en varios tel\u00e9fonos inteligentes Huawei. El sistema no comprueba de forma suficiente ciertos nombres de ruta de la aplicaci\u00f3n. Un atacante podr\u00eda enga\u00f1ar al usuario para que instale, realice una copia de seguridad y restaure una aplicaci\u00f3n maliciosa. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2019-5251",
"lastModified": "2024-11-21T04:44:36.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T15:15:11.317",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-14 00:15
Modified
2024-11-21 04:44
Severity ?
Summary
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | enjoy_8_plus_firmware | * | |
| huawei | enjoy_8_plus | - | |
| huawei | y9_firmware | * | |
| huawei | y9 | - | |
| huawei | honor_8x_firmware | * | |
| huawei | honor_8x | - | |
| huawei | honor_8x_firmware | * | |
| huawei | honor_8x | - | |
| huawei | honor_8x_firmware | * | |
| huawei | honor_8x | - | |
| huawei | honor_9_lite_firmware | * | |
| huawei | honor_9_lite | - | |
| huawei | honor_9_lite_firmware | * | |
| huawei | honor_9_lite | - | |
| huawei | honor_9i_firmware | * | |
| huawei | honor_9i | - | |
| huawei | honor_9i_firmware | * | |
| huawei | honor_9i | - | |
| huawei | y6_pro_firmware | * | |
| huawei | y6_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:enjoy_8_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17EDB3B1-7A08-4D8E-A8F0-5829B35D7A3B",
"versionEndExcluding": "9.1.0.124\\(c00e112r1p6t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:enjoy_8_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DC2A8F-FBFE-44BA-89C7-55B54B5AE086",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A111265A-382A-4F19-BEB9-0EAB59F89F40",
"versionEndExcluding": "9.1.0.131\\(c432e6r1p5t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92574DA9-4E40-48A7-AE10-72805CCAE4A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_8x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5DB1A9-827C-495A-8A72-B8644BCABB57",
"versionEndExcluding": "9.1.0.217\\(c00e15r3p2t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_8x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7635502-0FD1-464E-8C64-1E8FF6235495",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_8x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F5BCE2-46AF-4C24-98F0-504615A42B3E",
"versionEndExcluding": "9.1.0.237\\(c432e1r3p2t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_8x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7635502-0FD1-464E-8C64-1E8FF6235495",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_8x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DD085C-5447-44DE-ABDD-2A0C327BACC9",
"versionEndExcluding": "9.1.0.237\\(c636e2r4p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_8x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7635502-0FD1-464E-8C64-1E8FF6235495",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDE66A3-79DE-419C-B094-E1FD05AC6A68",
"versionEndExcluding": "9.1.0.124\\(c00e112r2p10t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C92CA7BA-3A0F-4759-8129-0EF267BBA447",
"versionEndExcluding": "9.1.0.136\\(c636e5r1p5t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD14B7B-772D-4935-96E1-C7418D8DDF02",
"versionEndExcluding": "9.1.0.115\\(c00e113r1p6t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BECFDDE9-57E6-42E2-B545-AF5AC373B6C1",
"versionEndExcluding": "9.1.0.122\\(c636e4r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y6_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81E73A4B-72E9-4449-A76D-2A4300CFCC23",
"versionEndExcluding": "9.1.0.248\\(c636e5r3p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F54999-3926-438D-BF21-8417C6B7A175",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de autenticaci\u00f3n inapropiada en los tel\u00e9fonos inteligentes Huawei (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). El componente applock no realiza una autenticaci\u00f3n suficiente en una condici\u00f3n extra\u00f1a. La explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante usar la aplicaci\u00f3n bloqueada por applock en un instante."
}
],
"id": "CVE-2019-5252",
"lastModified": "2024-11-21T04:44:36.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-14T00:15:11.040",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-13 23:15
Modified
2024-11-21 04:44
Severity ?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB97444-78F0-42E8-BFD9-B89581D3CF78",
"versionEndExcluding": "9.0.0.167\\(c00e85r2p20t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA00374C-6305-4345-8519-4B499A20F99F",
"versionEndExcluding": "9.0.0.159\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F963B1-C9D3-44A4-B7C9-206FF9A2503A",
"versionEndExcluding": "9.0.0.177\\(c185e2r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2990333D-857C-4C65-B940-978447168E23",
"versionEndExcluding": "9.0.0.159\\(c636e2r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C97C82D-1965-4B5D-A5BF-796E07B6E12E",
"versionEndExcluding": "9.0.0.167\\(c00e87r2p15t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D17EEA8-3102-42D0-ABDB-A07B180F7C4A",
"versionEndExcluding": "9.0.0.159\\(c185e2r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "292942FC-5A4B-4E4D-B6F9-B1FB22241282",
"versionEndExcluding": "9.0.0.161\\(c432e4r1p11t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8551C436-EB83-4982-A896-1804F5706C97",
"versionEndExcluding": "9.0.0.159\\(c636e2r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC77875A-B792-4F5B-9D79-A88121825CE1",
"versionEndExcluding": "9.0.0.156\\(c00e156r2p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB619BE5-AEF8-4BB1-8700-198C9536A37D",
"versionEndExcluding": "9.0.0.159\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E15EECD-43B1-40CA-9491-F07DF8F468B6",
"versionEndExcluding": "9.0.0.159\\(c636e3r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:changxiang_7s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7A8043-4A12-42FD-A17E-FF175F20E14A",
"versionEndExcluding": "9.1.0.107\\(c00e107r2p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:changxiang_7s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49A64F9-A264-42F8-8213-10F893AF4520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p-smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9D516B-8474-4194-97D3-155B13975A75",
"versionEndExcluding": "9.1.0.119\\(c636e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p-smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90F70B-C5A2-4B14-AECA-B2014FAFC3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p-smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "449025DE-ABD7-437E-9B4A-7541CC184E19",
"versionEndExcluding": "9.1.0.130\\(c432e8r1p5t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p-smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90F70B-C5A2-4B14-AECA-B2014FAFC3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:changxiang_8_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455F22C9-E60D-4335-9780-8068FB42DEFC",
"versionEndExcluding": "9.1.0.111\\(c00e111r1p6t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:changxiang_8_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED01DFA5-3411-4D0D-B41D-9D6E3AD620FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_2018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DBAFE8-3B9B-4F2A-A902-8FA9E76B6815",
"versionEndExcluding": "9.1.0.115\\(c432e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8ED2EF-8C0B-48E7-BB76-261F1BE3B857",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_2018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27FB85CA-EE8E-47E6-8BC6-D0D3F78E310B",
"versionEndExcluding": "9.1.0.120\\(c636e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8ED2EF-8C0B-48E7-BB76-261F1BE3B857",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "287546B5-A7EF-44A0-8EA9-80809C40E916",
"versionEndExcluding": "9.1.0.113\\(c00e111r2p10t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61024F08-FAB3-442D-81A1-14E42B3F154B",
"versionEndExcluding": "9.1.0.118\\(c636e4r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49DEB50F-8345-4509-88A8-9F804D13C358",
"versionEndExcluding": "9.1.0.118\\(c185e4r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C15176A7-3D9B-461B-BF23-82DBABDFB764",
"versionEndExcluding": "9.1.0.121\\(c432e4r1p3t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A952DE4-CE00-42FB-BDBF-B024B2ABB004",
"versionEndExcluding": "9.1.0.121\\(c432e4r1p3t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76911BF2-6AA5-4E8F-A0C2-50488C9645D3",
"versionEndExcluding": "9.1.0.106\\(sp53c636e2r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3574DAD1-E9B6-4D18-BD26-5EE85FB11412",
"versionEndExcluding": "9.0.1.158\\(c432e6r1p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C743611-3E88-43E1-884D-FCB906870D01",
"versionEndExcluding": "9.0.1.159\\(c636e6r1p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
},
{
"lang": "es",
"value": "tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en ciertos tel\u00e9fonos inteligentes Huawei (Mate 10; Mate 10 Pro; Honor V10; Changxiang 7S; P-smart; Changxiang 8 Plus; Y9 2018; Honor 9 Lite; Honor 9i; Mate 9). El software no maneja apropiadamente cierta informaci\u00f3n de aplicaciones bloqueadas mediante applock en una condici\u00f3n extra\u00f1a. La explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2019-5264",
"lastModified": "2024-11-21T04:44:38.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T23:15:12.050",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-27 22:29
Modified
2024-11-21 04:13
Severity ?
Summary
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | honor_7a_firmware | * | |
| huawei | honor_7a | - | |
| huawei | honor_9_lite_firmware | * | |
| huawei | honor_9_lite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_7a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C025BDC6-4F2E-424B-9D35-7068EA0FE63E",
"versionEndExcluding": "8.0.0.195\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "806F3E0A-FC71-4FF3-848A-237A768259B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E7B669-A120-430A-984A-48A137CED8F0",
"versionEndExcluding": "8.0.0.182\\(c01\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de fuga de informaci\u00f3n en algunos smartphones Huawei. Un atacante podr\u00eda realizar algunas configuraciones espec\u00edficas en el smartphone y enga\u00f1ar a un usuario para que introduzca informaci\u00f3n sensible. Debido al dise\u00f1o incorrecto, su explotaci\u00f3n con \u00e9xito podr\u00eda provocar un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2018-7946",
"lastModified": "2024-11-21T04:13:00.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-27T22:29:00.257",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}