cvelistv5 - cve-2019-5213

CVE-2019-5213 (GCVE-0-2019-5213)

Vulnerability from cvelistv5 – Published: 2019-11-12 22:47 – Updated: 2024-08-04 19:47

Summary

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

Severity ?

No CVSS data available.

CWE

Insufficient Authentication

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Honor play	Affected: Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:56.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Honor play",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-12T22:47:47",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2019-5213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Honor play",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en",
              "refsource": "MISC",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2019-5213",
    "datePublished": "2019-11-12T22:47:47",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:47:56.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"cornell-al00a_9.1.0.321\\\\(c00e320r1p1t8\\\\)\", \"matchCriteriaId\": \"434EFE4E-FA21-4703-BF6C-5DB602E5EA63\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B4BC963-31B0-4731-8D15-3EFD00E463BE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.\"}, {\"lang\": \"es\", \"value\": \"Tel\\u00e9fonos Inteligentes Honor Play con versiones anteriores a Cornell-AL00A versi\\u00f3n 9.1.0.321 (C00E320R1P1T8), presentan una vulnerabilidad de autenticaci\\u00f3n insuficiente. El sistema presenta un error de juez l\\u00f3gico bajo cierto escenario. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante modificar la configuraci\\u00f3n del reloj de alarma posterior a una serie de operaciones poco comunes sin desbloquear el bloqueo de pantalla.\"}]",
      "id": "CVE-2019-5213",
      "lastModified": "2024-11-21T04:44:31.620",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 2.4, \"baseSeverity\": \"LOW\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 1.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-12T23:15:10.160",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5213\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2019-11-12T23:15:10.160\",\"lastModified\":\"2024-11-21T04:44:31.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.\"},{\"lang\":\"es\",\"value\":\"Tel\u00e9fonos Inteligentes Honor Play con versiones anteriores a Cornell-AL00A versi\u00f3n 9.1.0.321 (C00E320R1P1T8), presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El sistema presenta un error de juez l\u00f3gico bajo cierto escenario. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante modificar la configuraci\u00f3n del reloj de alarma posterior a una serie de operaciones poco comunes sin desbloquear el bloqueo de pantalla.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"cornell-al00a_9.1.0.321\\\\(c00e320r1p1t8\\\\)\",\"matchCriteriaId\":\"434EFE4E-FA21-4703-BF6C-5DB602E5EA63\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B4BC963-31B0-4731-8D15-3EFD00E463BE\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2019-5213

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5213

Aliases

CVE-2019-5213

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5213",
    "description": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.",
    "id": "GSD-2019-5213"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5213"
      ],
      "details": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.",
      "id": "GSD-2019-5213",
      "modified": "2023-12-13T01:23:55.338178Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2019-5213",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Honor play",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insufficient Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en",
            "refsource": "MISC",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "cornell-al00a_9.1.0.321\\(c00e320r1p1t8\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2019-5213"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-11-15T13:45Z",
      "publishedDate": "2019-11-12T23:15Z"
    }
  }
}

CNVD-2019-39530

Vulnerability from cnvd - Published: 2019-11-07

Title

Huawei Honor Play Cornell-AL00A存在未明漏洞

Description

Huawei Honor Play Cornell-AL00A是中国华为（Huawei）公司的一款智能手机。 Huawei Honor Play Cornell-AL00A 9.1.0.321(C00E320R1P1T8)之前的版本中存在安全漏洞，该漏洞源于逻辑判断错误，攻击者可利用该漏洞在不解开锁屏的情况下修改闹钟设置。

Severity

低

Patch Name

Huawei Honor Play Cornell-AL00A存在未明漏洞

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-smartphone-cn

Reference

https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-smartphone-cn

Impacted products

Name
Huawei Honor Play <Cornell-AL00A 9.1.0.321(C00E320R1P1T8)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5213"
    }
  },
  "description": "Huawei Honor Play Cornell-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\nHuawei Honor Play Cornell-AL00A 9.1.0.321(C00E320R1P1T8)\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u903b\u8f91\u5224\u65ad\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e0d\u89e3\u5f00\u9501\u5c4f\u7684\u60c5\u51b5\u4e0b\u4fee\u6539\u95f9\u949f\u8bbe\u7f6e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39530",
  "openTime": "2019-11-07",
  "patchDescription": "Huawei Honor Play Cornell-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\nHuawei Honor Play Cornell-AL00A 9.1.0.321(C00E320R1P1T8)\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u903b\u8f91\u5224\u65ad\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e0d\u89e3\u5f00\u9501\u5c4f\u7684\u60c5\u51b5\u4e0b\u4fee\u6539\u95f9\u949f\u8bbe\u7f6e\u3002",
  "patchName": "Huawei Honor Play Cornell-AL00A\u5b58\u5728\u672a\u660e\u6f0f\u6d1e",
  "products": {
    "product": "Huawei Honor Play \u003cCornell-AL00A 9.1.0.321(C00E320R1P1T8)"
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-smartphone-cn",
  "serverity": "\u4f4e",
  "submitTime": "2019-10-24",
  "title": "Huawei Honor Play Cornell-AL00A\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

VAR-201911-0827

Vulnerability from variot - Updated: 2023-12-18 12:43

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0827",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "honor play",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "honor play",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "cornell-al00a_9.1.0.321\\(c00e320r1p1t8\\)"
      },
      {
        "model": "honor play",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "cornell-al00a 9.1.0.321(c00e320r1p1t8)"
      },
      {
        "model": "honor play \u003ccornell-al00a 9.1.0.321",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "honor play",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "cornell-al00a_9.0.0.156c00e156r1p13t8"
      },
      {
        "model": "honor play",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "9.1.0.333c00e333r1p1t8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "cornell-al00a_9.1.0.321\\(c00e320r1p1t8\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ding Yicong",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-5213",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 1.9,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-5213",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-39530",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.9,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.4,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-5213",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-5213",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-39530",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-1444",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. This vulnerability is caused by a logical error",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5213",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "id": "VAR-201911-0827",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      }
    ],
    "trust": 1.2931818000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:14.290000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20191023-01-smartphone",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
      },
      {
        "title": "Huawei Honor Play Cornell-AL00A has an unknown vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/189067"
      },
      {
        "title": "Huawei Honor Play Cornell-AL00A Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102870"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5213"
      },
      {
        "trust": 1.2,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-smartphone-cn"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5213"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "date": "2019-11-12T23:15:10.160000",
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-39530"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      },
      {
        "date": "2019-11-15T13:45:29.157000",
        "db": "NVD",
        "id": "CVE-2019-5213"
      },
      {
        "date": "2019-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Honor play Authentication vulnerabilities in smartphones",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011961"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1444"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-5213

Vulnerability from fkie_nvd - Published: 2019-11-12 23:15 - Updated: 2024-11-21 04:44

Severity ?

2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	honor_play_firmware	*
	huawei	honor_play	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "434EFE4E-FA21-4703-BF6C-5DB602E5EA63",
              "versionEndExcluding": "cornell-al00a_9.1.0.321\\(c00e320r1p1t8\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4BC963-31B0-4731-8D15-3EFD00E463BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."
    },
    {
      "lang": "es",
      "value": "Tel\u00e9fonos Inteligentes Honor Play con versiones anteriores a Cornell-AL00A versi\u00f3n 9.1.0.321 (C00E320R1P1T8), presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El sistema presenta un error de juez l\u00f3gico bajo cierto escenario. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante modificar la configuraci\u00f3n del reloj de alarma posterior a una serie de operaciones poco comunes sin desbloquear el bloqueo de pantalla."
    }
  ],
  "id": "CVE-2019-5213",
  "lastModified": "2024-11-21T04:44:31.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-12T23:15:10.160",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R76G-8CJW-FQWR

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5213"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-12T23:15:00Z",
    "severity": "LOW"
  },
  "details": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.",
  "id": "GHSA-r76g-8cjw-fqwr",
  "modified": "2022-05-24T17:00:51Z",
  "published": "2022-05-24T17:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5213"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5213 (GCVE-0-2019-5213)

GSD-2019-5213

CNVD-2019-39530

VAR-201911-0827

FKIE_CVE-2019-5213

GHSA-R76G-8CJW-FQWR

Tags

Sightings

Nomenclature