Sign-up

ID

VAR-201912-0802


CVE

CVE-2019-5250


TITLE

Mate 20 Pro Unauthorized authentication vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-013190

DESCRIPTION

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Mate 20 Pro Smartphones are vulnerable to unauthorized authentication.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Mate 20 Pro is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5250 // JVNDB: JVNDB-2019-013190 // CNVD: CNVD-2020-02962

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02962

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20 proscope:ltversion:9.1.0.135\(c00e133r3p1\)

Trust: 1.0

vendor:huaweimodel:mate 20 proscope:ltversion:9.1.0.135(c00e133r3p1)

Trust: 0.8

vendor:huaweimodel:mate pro <9.1.0.135scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2020-02962 // JVNDB: JVNDB-2019-013190 // NVD: CVE-2019-5250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5250
value: HIGH

Trust: 1.0

NVD: CVE-2019-5250
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02962
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-173
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5250
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02962
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5250
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5250
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02962 // JVNDB: JVNDB-2019-013190 // CNNVD: CNNVD-201912-173 // NVD: CVE-2019-5250

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2019-013190 // NVD: CVE-2019-5250

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-173

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-173

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013190

PATCH
title:huawei-sa-20191204-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en
Trust: 0.8
title:Patch for Huawei Mate 20 Pro Licensing Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/197287
Trust: 0.6
title:Huawei Mate 20 Pro Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105642
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02962 // 
            
            
            
            JVNDB: JVNDB-2019-013190 // 
            
            
            
            CNNVD: CNNVD-201912-173

EXTERNAL IDS
db:NVDid:CVE-2019-5250
Trust: 3.0
db:JVNDBid:JVNDB-2019-013190
Trust: 0.8
db:CNVDid:CNVD-2020-02962
Trust: 0.6
db:CNNVDid:CNNVD-201912-173
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02962 // 
            
            
            
            JVNDB: JVNDB-2019-013190 // 
            
            
            
            CNNVD: CNNVD-201912-173 // 
            
            
            
            NVD: CVE-2019-5250

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-5250
Trust: 2.0
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5250
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-02-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02962 // 
            
            
            
            JVNDB: JVNDB-2019-013190 // 
            
            
            
            CNNVD: CNNVD-201912-173 // 
            
            
            
            NVD: CVE-2019-5250

SOURCES
db:CNVDid:CNVD-2020-02962
db:JVNDBid:JVNDB-2019-013190
db:CNNVDid:CNNVD-201912-173
db:NVDid:CVE-2019-5250

LAST UPDATE DATE
2024-11-23T23:04:35.013000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02962date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013190date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-173date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5250date:2024-11-21T04:44:36.273

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-02962date:2020-01-20T00:00:00
db:JVNDBid:JVNDB-2019-013190date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-173date:2019-12-04T00:00:00
db:NVDid:CVE-2019-5250date:2019-12-13T15:15:11.240