CVE-2019-5295

6.4MEDIUM

Key Information:

Vendor: Huawei
Status: Honor V10
Vendor: CVE Published:; 6 June 2019

Summary

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.

Affected Version(s)

Honor V10 Versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2019
Vulnerability Reserved
Jan 4, 2019