Information Leak in Honor and Huawei Mobile Phones
CVE-2019-5292
3.3LOW
Key Information:
- Vendor
- Huawei
- Vendor
- CVE Published:
- 13 November 2019
Summary
The vulnerability affects multiple Huawei mobile phone models, specifically the Honor 10 Lite, Honor 8A, and Huawei Y6, all of which are running pre-specified software versions. It stems from improper management of error records in certain modules, allowing authorized users to exploit this flaw to extract sensitive information from the device. Users are advised to update their devices to the latest versions to mitigate this risk.
Affected Version(s)
Honor 10 Lite, Honor 8A, Huawei Y6 The versions before 9.1.0.217(C00E215R3P1), The versions before 9.1.0.205(C00E97R1P9), The versions before 9.1.0.205(C00E97R2P2)
References
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved