Details of VAR-201911-0827

ID

VAR-201911-0827

CVE

CVE-2019-5213

TITLE

Honor play Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-011961

DESCRIPTION

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. This vulnerability is caused by a logical error

Trust: 2.16

sources: NVD: CVE-2019-5213 // JVNDB: JVNDB-2019-011961 // CNVD: CNVD-2019-39530

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-39530

AFFECTED PRODUCTS

vendor:	huawei	model:	honor play	scope:	eq	version:	-	Trust: 1.2
vendor:	huawei	model:	honor play	scope:	lt	version:	cornell-al00a_9.1.0.321\(c00e320r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	honor play	scope:	lt	version:	cornell-al00a 9.1.0.321(c00e320r1p1t8)	Trust: 0.8
vendor:	huawei	model:	honor play <cornell-al00a 9.1.0.321	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor play	scope:	eq	version:	cornell-al00a_9.0.0.156c00e156r1p13t8	Trust: 0.6
vendor:	huawei	model:	honor play	scope:	eq	version:	9.1.0.333c00e333r1p1t8	Trust: 0.6

sources: CNVD: CNVD-2019-39530 // JVNDB: JVNDB-2019-011961 // CNNVD: CNNVD-201910-1444 // NVD: CVE-2019-5213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5213
value:	LOW
Trust: 1.0
NVD:	CVE-2019-5213
value:	LOW
Trust: 0.8
CNVD:	CNVD-2019-39530
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201910-1444
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2019-5213
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-39530
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5213
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5213
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-39530 // JVNDB: JVNDB-2019-011961 // CNNVD: CNNVD-201910-1444 // NVD: CVE-2019-5213

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-011961 // NVD: CVE-2019-5213

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-1444

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011961

PATCH

title:	huawei-sa-20191023-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en	Trust: 0.8
title:	Huawei Honor Play Cornell-AL00A has an unknown vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/189067	Trust: 0.6
title:	Huawei Honor Play Cornell-AL00A Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102870	Trust: 0.6

sources: CNVD: CNVD-2019-39530 // JVNDB: JVNDB-2019-011961 // CNNVD: CNNVD-201910-1444

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5213	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011961	Trust: 0.8
db:	CNVD	id:	CNVD-2019-39530	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1444	Trust: 0.6

sources: CNVD: CNVD-2019-39530 // JVNDB: JVNDB-2019-011961 // CNNVD: CNNVD-201910-1444 // NVD: CVE-2019-5213

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5213	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5213	Trust: 0.8

sources: CNVD: CNVD-2019-39530 // JVNDB: JVNDB-2019-011961 // CNNVD: CNNVD-201910-1444 // NVD: CVE-2019-5213

CREDITS

Ding Yicong

Trust: 0.6

sources: CNNVD: CNNVD-201910-1444

SOURCES

db:	CNVD	id:	CNVD-2019-39530
db:	JVNDB	id:	JVNDB-2019-011961
db:	CNNVD	id:	CNNVD-201910-1444
db:	NVD	id:	CVE-2019-5213

LAST UPDATE DATE

2024-11-23T22:41:17.964000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-39530	date:	2019-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-011961	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201910-1444	date:	2019-11-18T00:00:00
db:	NVD	id:	CVE-2019-5213	date:	2024-11-21T04:44:31.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-39530	date:	2019-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-011961	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201910-1444	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2019-5213	date:	2019-11-12T23:15:10.160