ID

VAR-201912-0804


CVE

CVE-2019-5252


TITLE

plural Huawei Authentication vulnerabilities in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013801

DESCRIPTION

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. plural Huawei An authentication vulnerability exists in smartphone products.Information may be obtained and information may be altered. Huawei Y9 and other smartphones from China's Huawei. A number of Huawei products have authorization issue vulnerabilities

Trust: 2.16

sources: NVD: CVE-2019-5252 // JVNDB: JVNDB-2019-013801 // CNVD: CNVD-2020-01013

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-01013

AFFECTED PRODUCTS

vendor:huaweimodel:honor <9.1.0.237scope:eqversion:8x

Trust: 1.2

vendor:huaweimodel:honor 9iscope:eqversion: -

Trust: 1.2

vendor:huaweimodel:honor 8xscope:ltversion:9.1.0.217\(c00e15r3p2t8\)

Trust: 1.0

vendor:huaweimodel:honor 9iscope:ltversion:9.1.0.115\(c00e113r1p6t8\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.136\(c636e5r1p5t8\)

Trust: 1.0

vendor:huaweimodel:y6 proscope:ltversion:9.1.0.248\(c636e5r3p1\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.124\(c00e112r2p10t8\)

Trust: 1.0

vendor:huaweimodel:honor 8xscope:ltversion:9.1.0.237\(c636e2r4p1t8\)

Trust: 1.0

vendor:huaweimodel:honor 8xscope:ltversion:9.1.0.237\(c432e1r3p2t8\)

Trust: 1.0

vendor:huaweimodel:honor 9iscope:ltversion:9.1.0.122\(c636e4r1p4t8\)

Trust: 1.0

vendor:huaweimodel:enjoy 8 plusscope:ltversion:9.1.0.124\(c00e112r1p6t8\)

Trust: 1.0

vendor:huaweimodel:y9scope:ltversion:9.1.0.131\(c432e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:enjoy 8 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 8xscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9iscope: - version: -

Trust: 0.8

vendor:huaweimodel:y6 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:y9scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor <9.1.0.217scope:eqversion:8x

Trust: 0.6

vendor:huaweimodel:honor lite <9.1.0.124scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:honor lite <9.1.0.136scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:honor 9i <9.1.0.115scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor 9i <9.1.0.122scope: - version: -

Trust: 0.6

vendor:huaweimodel:y6 pro <9.1.0.248scope: - version: -

Trust: 0.6

vendor:huaweimodel:y9 <9.1.0.131scope: - version: -

Trust: 0.6

vendor:huaweimodel:y9 <9.1.0.139scope: - version: -

Trust: 0.6

vendor:huaweimodel:enjoy plusscope:eqversion:8<9.1.0.124

Trust: 0.6

vendor:huaweimodel:honor 9iscope:eqversion:9.1.0.120c00e113r1p6t8

Trust: 0.6

vendor:huaweimodel:honor 9 litescope:eqversion:9.1.0.124c00e112r2p10t8

Trust: 0.6

vendor:huaweimodel:honor 9iscope:eqversion:9.1.0.121c432e4r1p3t8

Trust: 0.6

vendor:huaweimodel:honor 9 litescope:eqversion: -

Trust: 0.6

vendor:huaweimodel:honor 9 litescope:eqversion:9.1.0.130c00e112r2p10t8

Trust: 0.6

vendor:huaweimodel:honor 9iscope:eqversion:9.1.0.106sp53c636e2r1p4t8

Trust: 0.6

sources: CNVD: CNVD-2020-01013 // JVNDB: JVNDB-2019-013801 // CNNVD: CNNVD-201912-203 // NVD: CVE-2019-5252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5252
value: LOW

Trust: 1.0

NVD: CVE-2019-5252
value: LOW

Trust: 0.8

CNVD: CNVD-2020-01013
value: LOW

Trust: 0.6

CNNVD: CNNVD-201912-203
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-5252
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-01013
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5252
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-5252
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-01013 // JVNDB: JVNDB-2019-013801 // CNNVD: CNNVD-201912-203 // NVD: CVE-2019-5252

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-013801 // NVD: CVE-2019-5252

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-203

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013801

PATCH

title:huawei-sa-20191204-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en

Trust: 0.8

title:Patch for Multiple Huawei Product Licensing Issues Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/196423

Trust: 0.6

title:Multiple Huawei Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104004

Trust: 0.6

sources: CNVD: CNVD-2020-01013 // JVNDB: JVNDB-2019-013801 // CNNVD: CNNVD-201912-203

EXTERNAL IDS

db:NVDid:CVE-2019-5252

Trust: 3.0

db:JVNDBid:JVNDB-2019-013801

Trust: 0.8

db:CNVDid:CNVD-2020-01013

Trust: 0.6

db:CNNVDid:CNNVD-201912-203

Trust: 0.6

sources: CNVD: CNVD-2020-01013 // JVNDB: JVNDB-2019-013801 // CNNVD: CNNVD-201912-203 // NVD: CVE-2019-5252

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5252

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-01-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5252

Trust: 0.8

sources: CNVD: CNVD-2020-01013 // JVNDB: JVNDB-2019-013801 // CNNVD: CNNVD-201912-203 // NVD: CVE-2019-5252

CREDITS

Fan Yukun

Trust: 0.6

sources: CNNVD: CNNVD-201912-203

SOURCES

db:CNVDid:CNVD-2020-01013
db:JVNDBid:JVNDB-2019-013801
db:CNNVDid:CNNVD-201912-203
db:NVDid:CVE-2019-5252

LAST UPDATE DATE

2024-11-23T22:05:55.763000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-01013date:2020-01-08T00:00:00
db:JVNDBid:JVNDB-2019-013801date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-203date:2019-12-30T00:00:00
db:NVDid:CVE-2019-5252date:2024-11-21T04:44:36.510

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-01013date:2020-01-08T00:00:00
db:JVNDBid:JVNDB-2019-013801date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-203date:2019-12-04T00:00:00
db:NVDid:CVE-2019-5252date:2019-12-14T00:15:11.040