ID

VAR-201906-0113


CVE

CVE-2019-5295


TITLE

Huawei Honor V10 Smartphone authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005370

DESCRIPTION

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. Huawei Honor V10 is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5295 // JVNDB: JVNDB-2019-005370 // CNVD: CNVD-2019-33623

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33623

AFFECTED PRODUCTS

vendor:huaweimodel:honor view 10scope:ltversion:berkeley-al20_9.0.0.125\(c00e125r2p14t8\)

Trust: 1.0

vendor:huaweimodel:honor view 10scope:ltversion:berkeley-al20 9.0.0.125(c00e125r2p14t8)

Trust: 0.8

vendor:huaweimodel:honor berkeley-al20 berkeley-al20 9.0.0.125scope:eqversion:v10<

Trust: 0.6

sources: CNVD: CNVD-2019-33623 // JVNDB: JVNDB-2019-005370 // NVD: CVE-2019-5295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5295
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5295
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-33623
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-1061
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5295
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33623
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5295
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-33623 // JVNDB: JVNDB-2019-005370 // CNNVD: CNNVD-201901-1061 // NVD: CVE-2019-5295

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-285

Trust: 0.8

sources: JVNDB: JVNDB-2019-005370 // NVD: CVE-2019-5295

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-1061

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005370

PATCH

title:huawei-sa-20190131-01-phoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-en

Trust: 0.8

title:Patch for Huawei Honor V10 Authorization Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182851

Trust: 0.6

title:Huawei Honor V10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89129

Trust: 0.6

sources: CNVD: CNVD-2019-33623 // JVNDB: JVNDB-2019-005370 // CNNVD: CNNVD-201901-1061

EXTERNAL IDS

db:NVDid:CVE-2019-5295

Trust: 3.0

db:JVNDBid:JVNDB-2019-005370

Trust: 0.8

db:CNVDid:CNVD-2019-33623

Trust: 0.6

db:CNNVDid:CNNVD-201901-1061

Trust: 0.6

sources: CNVD: CNVD-2019-33623 // JVNDB: JVNDB-2019-005370 // CNNVD: CNNVD-201901-1061 // NVD: CVE-2019-5295

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5295

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190131-01-phone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5295

Trust: 0.8

sources: CNVD: CNVD-2019-33623 // JVNDB: JVNDB-2019-005370 // CNNVD: CNNVD-201901-1061 // NVD: CVE-2019-5295

SOURCES

db:CNVDid:CNVD-2019-33623
db:JVNDBid:JVNDB-2019-005370
db:CNNVDid:CNNVD-201901-1061
db:NVDid:CVE-2019-5295

LAST UPDATE DATE

2024-11-23T22:48:22.925000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33623date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005370date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201901-1061date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5295date:2024-11-21T04:44:41.520

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33623date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005370date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201901-1061date:2019-01-31T00:00:00
db:NVDid:CVE-2019-5295date:2019-06-06T15:29:01.343