CVE-2019-5252

3.5LOW

Key Information:

Vendor: Huawei
Status: Y9, Honor 8x, Honor 9 Lite, Honor 9i, Y6 Pro
Vendor: CVE Published:; 14 December 2019

Summary

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.

Affected Version(s)

Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2019
Vulnerability Reserved
Jan 4, 2019