ID

VAR-201912-0062


CVE

CVE-2019-5264


TITLE

plural Huawei Information disclosure vulnerabilities in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013432

DESCRIPTION

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure. Huawei Mate 9 and other products are products of China's Huawei. Huawei Mate 9 is a smartphone. Huawei Mate 10 is a smartphone product of Huawei. Honor 9 Lite is a smartphone. The vulnerability stems from the system's improper handling of application information with an application lock set in a specific scenario that rarely occurs

Trust: 2.16

sources: NVD: CVE-2019-5264 // JVNDB: JVNDB-2019-013432 // CNVD: CNVD-2020-36736

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-36736

AFFECTED PRODUCTS

vendor:huaweimodel:mate pro <9.0.0.159scope:eqversion:10

Trust: 1.2

vendor:huaweimodel:honor <9.0.0.159scope:eqversion:v10

Trust: 1.2

vendor:huaweimodel:honor lite <9.1.0.118scope:eqversion:9

Trust: 1.2

vendor:huaweimodel:mate <9.0.0.159scope:eqversion:10

Trust: 1.2

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.121\(c432e4r1p3t8\)

Trust: 1.0

vendor:huaweimodel:changxiang 7sscope:ltversion:9.1.0.107\(c00e107r2p8t8\)

Trust: 1.0

vendor:huaweimodel:honor 9iscope:ltversion:9.1.0.121\(c432e4r1p3t8\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.118\(c636e4r1p1t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.0.0.159\(c185e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:y9 2018scope:ltversion:9.1.0.115\(c432e5r1p1t8\)

Trust: 1.0

vendor:huaweimodel:mate 9scope:ltversion:9.0.1.159\(c636e6r1p8t8\)

Trust: 1.0

vendor:huaweimodel:mate 10scope:ltversion:9.0.0.159\(c432e4r1p9t8\)

Trust: 1.0

vendor:huaweimodel:p-smartscope:ltversion:9.1.0.130\(c432e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 9iscope:ltversion:9.1.0.106\(sp53c636e2r1p4t8\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.113\(c00e111r2p10t8\)

Trust: 1.0

vendor:huaweimodel:mate 10scope:ltversion:9.0.0.167\(c00e85r2p20t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.0.0.159\(c636e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.0.0.161\(c432e4r1p11t8\)

Trust: 1.0

vendor:huaweimodel:mate 9scope:ltversion:9.0.1.158\(c432e6r1p8t8\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.118\(c185e4r1p4t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.0.0.159\(c636e3r1p12t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.0.0.156\(c00e156r2p14t8\)

Trust: 1.0

vendor:huaweimodel:mate 10scope:ltversion:9.0.0.177\(c185e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.0.0.167\(c00e87r2p15t8\)

Trust: 1.0

vendor:huaweimodel:y9 2018scope:ltversion:9.1.0.120\(c636e5r1p1t8\)

Trust: 1.0

vendor:huaweimodel:mate 10scope:ltversion:9.0.0.159\(c636e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:changxiang 8 plusscope:ltversion:9.1.0.111\(c00e111r1p6t8\)

Trust: 1.0

vendor:huaweimodel:p-smartscope:ltversion:9.1.0.119\(c636e5r1p1t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.0.0.159\(c432e4r1p9t8\)

Trust: 1.0

vendor:huaweimodel:changxiang 7sscope: - version: -

Trust: 0.8

vendor:huaweimodel:changxiang 8 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9iscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor v10scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 10 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 10scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 9scope: - version: -

Trust: 0.8

vendor:huaweimodel:p smartscope: - version: -

Trust: 0.8

vendor:huaweimodel:y9 2018scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate pro <9.0.0.167scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:mate pro <9.0.0.161scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:honor <9.0.0.156scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:changxiang 7s <9.1.0.107scope: - version: -

Trust: 0.6

vendor:huaweimodel:p-smart <9.1.0.119scope: - version: -

Trust: 0.6

vendor:huaweimodel:p-smart <9.1.0.130scope: - version: -

Trust: 0.6

vendor:huaweimodel:changxiang <=9.1.0.111scope: - version: -

Trust: 0.6

vendor:huaweimodel:y9 <9.1.0.115scope:eqversion:2018

Trust: 0.6

vendor:huaweimodel:y9 <9.1.0.120scope:eqversion:2018

Trust: 0.6

vendor:huaweimodel:honor lite <9.1.0.113scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:honor lite <9.1.0.121scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:honor 9i <9.1.0.112scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor 9i <9.1.0.106scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate <9.0.1.158scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <9.0.1.159scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <9.0.0.167scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:mate <9.0.0.177scope:eqversion:10

Trust: 0.6

sources: CNVD: CNVD-2020-36736 // JVNDB: JVNDB-2019-013432 // NVD: CVE-2019-5264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5264
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5264
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-36736
value: LOW

Trust: 0.6

CNNVD: CNNVD-201912-552
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5264
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-36736
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5264
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5264
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-36736 // JVNDB: JVNDB-2019-013432 // CNNVD: CNNVD-201912-552 // NVD: CVE-2019-5264

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-013432 // NVD: CVE-2019-5264

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-552

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013432

PATCH

title:huawei-sa-20191211-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en

Trust: 0.8

title:Patch for Multiple Huawei product information disclosure vulnerabilities (CNVD-2020-36736)url:https://www.cnvd.org.cn/patchInfo/show/224731

Trust: 0.6

title:Multiple Huawei Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105742

Trust: 0.6

sources: CNVD: CNVD-2020-36736 // JVNDB: JVNDB-2019-013432 // CNNVD: CNNVD-201912-552

EXTERNAL IDS

db:NVDid:CVE-2019-5264

Trust: 3.0

db:JVNDBid:JVNDB-2019-013432

Trust: 0.8

db:CNVDid:CNVD-2020-36736

Trust: 0.6

db:CNNVDid:CNNVD-201912-552

Trust: 0.6

sources: CNVD: CNVD-2020-36736 // JVNDB: JVNDB-2019-013432 // CNNVD: CNNVD-201912-552 // NVD: CVE-2019-5264

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5264

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191211-01-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5264

Trust: 0.8

sources: CNVD: CNVD-2020-36736 // JVNDB: JVNDB-2019-013432 // CNNVD: CNNVD-201912-552 // NVD: CVE-2019-5264

CREDITS

The vulnerability was reported to Huawei by security researcher Fan Yuchen PSIRT . Huawei thanks Fan Yuzheng for cooperating with us to disclose the vulnerability to protect Huawei's customers.

Trust: 0.6

sources: CNNVD: CNNVD-201912-552

SOURCES

db:CNVDid:CNVD-2020-36736
db:JVNDBid:JVNDB-2019-013432
db:CNNVDid:CNNVD-201912-552
db:NVDid:CVE-2019-5264

LAST UPDATE DATE

2024-11-23T21:51:49.887000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-36736date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2019-013432date:2020-01-06T00:00:00
db:CNNVDid:CNNVD-201912-552date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5264date:2024-11-21T04:44:38.040

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-36736date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2019-013432date:2020-01-06T00:00:00
db:CNNVDid:CNNVD-201912-552date:2019-12-11T00:00:00
db:NVDid:CVE-2019-5264date:2019-12-13T23:15:12.050