Lucene search

HuaweiCVE-2019-5292

HistoryNov 13, 2019 - 4:15 p.m.

CVE-2019-5292

2019-11-1316:15:11

huawei

web.nvd.nist.gov

huawei

mobile phones

information leak vulnerability

cve-2019-5292

security issue

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.

Affected configurations

Nvd

Vulners

Node

huaweihonor_10_lite_firmwareRange<9.1.0.217\(c00e215r3p1\)

AND

huaweihonor_10_liteMatch-

Node

huaweihonor_8a_firmwareRange<9.1.0.205\(c00e97r1p9\)

AND

huaweihonor_8aMatch-

Node

huaweihuawei_y6_firmwareRange<9.1.0.205\(c00e97r2p2\)

AND

huaweihuawei_y6Match-

VendorProductVersionCPE
huaweihonor_10_lite_firmware*cpe:2.3:o:huawei:honor_10_lite_firmware:*:*:*:*:*:*:*:*
huaweihonor_10_lite-cpe:2.3:h:huawei:honor_10_lite:-:*:*:*:*:*:*:*
huaweihonor_8a_firmware*cpe:2.3:o:huawei:honor_8a_firmware:*:*:*:*:*:*:*:*
huaweihonor_8a-cpe:2.3:h:huawei:honor_8a:-:*:*:*:*:*:*:*
huaweihuawei_y6_firmware*cpe:2.3:o:huawei:huawei_y6_firmware:*:*:*:*:*:*:*:*
huaweihuawei_y6-cpe:2.3:h:huawei:huawei_y6:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	honor_10_lite_firmware	*	cpe:2.3:o:huawei:honor_10_lite_firmware::::::::
huawei	honor_10_lite	-	cpe:2.3:h:huawei:honor_10_lite:-:::::::*
huawei	honor_8a_firmware	*	cpe:2.3:o:huawei:honor_8a_firmware::::::::
huawei	honor_8a	-	cpe:2.3:h:huawei:honor_8a:-:::::::*
huawei	huawei_y6_firmware	*	cpe:2.3:o:huawei:huawei_y6_firmware::::::::
huawei	huawei_y6	-	cpe:2.3:h:huawei:huawei_y6:-:::::::*

CNA Affected

[
  {
    "product": "Honor 10 Lite, Honor 8A, Huawei Y6",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "The versions before 9.1.0.217(C00E215R3P1), The versions before 9.1.0.205(C00E97R1P9), The versions before 9.1.0.205(C00E97R2P2)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-5292