CVE-2019-5213

2.4LOW

Key Information:

Vendor: Huawei
Status: Honor Play
Vendor: CVE Published:; 12 November 2019

Summary

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

Affected Version(s)

Honor play Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Jan 4, 2019