CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.6%
There is an information disclosure vulnerability in certain Huawei smartphones. The software does not properly handle certain information of application locked by applock in a rare condition, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2018-08142)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5264.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | alp-al00b_firmware | 8.0.0.153 | cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.109 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.109:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.134 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.134:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.136 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.136:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.138 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.138:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.139 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.139:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.152 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.152:*:*:*:*:*:*:* |
huawei | alp-l29_firmware | 8.0.0.139 | cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.139:*:*:*:*:*:*:* |
huawei | alp-l29_firmware | 8.0.0.140 | cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.140:*:*:*:*:*:*:* |
huawei | alp-l29_firmware | 8.0.0.142 | cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.142:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.6%