ID

VAR-201911-0267


CVE

CVE-2019-5292


TITLE

plural Huawei Information disclosure vulnerability in mobile phones

Trust: 0.8

sources: JVNDB: JVNDB-2019-011939

DESCRIPTION

Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. The vulnerability stems from a reasonable record of module functionality. Error message

Trust: 2.16

sources: NVD: CVE-2019-5292 // JVNDB: JVNDB-2019-011939 // CNVD: CNVD-2019-41249

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41249

AFFECTED PRODUCTS

vendor:huaweimodel:y6scope:ltversion:9.1.0.205\(c00e97r2p2\)

Trust: 1.0

vendor:huaweimodel:honor 10 litescope:ltversion:9.1.0.217\(c00e215r3p1\)

Trust: 1.0

vendor:huaweimodel:honor 8ascope:ltversion:9.1.0.205\(c00e97r1p9\)

Trust: 1.0

vendor:huaweimodel:honor 10 litescope:ltversion:9.1.0.217(c00e215r3p1)

Trust: 0.8

vendor:huaweimodel:honor 8ascope:ltversion:9.1.0.205(c00e97r1p9)

Trust: 0.8

vendor:huaweimodel:y6scope:ltversion:9.1.0.205(c00e97r2p2)

Trust: 0.8

vendor:huaweimodel:honor lite <9.1.0.217scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:honor 8a <9.1.0.205scope: - version: -

Trust: 0.6

vendor:huaweimodel:y6 <9.1.0.205scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41249 // JVNDB: JVNDB-2019-011939 // NVD: CVE-2019-5292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5292
value: LOW

Trust: 1.0

NVD: CVE-2019-5292
value: LOW

Trust: 0.8

CNVD: CNVD-2019-41249
value: LOW

Trust: 0.6

CNNVD: CNNVD-201910-1807
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-5292
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41249
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5292
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-5292
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41249 // JVNDB: JVNDB-2019-011939 // CNNVD: CNNVD-201910-1807 // NVD: CVE-2019-5292

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-011939 // NVD: CVE-2019-5292

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1807

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201910-1807

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011939

PATCH

title:huawei-sa-20191030-01-phoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en

Trust: 0.8

title:Patch for Huawei Honor 10 Lite, Honor 8A, and Huawei Y6 Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/190787

Trust: 0.6

title:Huawei Honor 10 Lite , Honor 8A and Huawei Y6 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101065

Trust: 0.6

sources: CNVD: CNVD-2019-41249 // JVNDB: JVNDB-2019-011939 // CNNVD: CNNVD-201910-1807

EXTERNAL IDS

db:NVDid:CVE-2019-5292

Trust: 3.0

db:JVNDBid:JVNDB-2019-011939

Trust: 0.8

db:CNVDid:CNVD-2019-41249

Trust: 0.6

db:CNNVDid:CNNVD-201910-1807

Trust: 0.6

sources: CNVD: CNVD-2019-41249 // JVNDB: JVNDB-2019-011939 // CNNVD: CNNVD-201910-1807 // NVD: CVE-2019-5292

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5292

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191030-01-phone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5292

Trust: 0.8

sources: CNVD: CNVD-2019-41249 // JVNDB: JVNDB-2019-011939 // CNNVD: CNNVD-201910-1807 // NVD: CVE-2019-5292

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201910-1807

SOURCES

db:CNVDid:CNVD-2019-41249
db:JVNDBid:JVNDB-2019-011939
db:CNNVDid:CNNVD-201910-1807
db:NVDid:CVE-2019-5292

LAST UPDATE DATE

2024-11-23T22:33:40.361000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-41249date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-011939date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201910-1807date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5292date:2024-11-21T04:44:41.157

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-41249date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-011939date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201910-1807date:2019-10-30T00:00:00
db:NVDid:CVE-2019-5292date:2019-11-13T16:15:11.657