CVE-2019-5252

CWE-287 — Improper Authentication3 documents3 sources

Severity

3.5LOW

EPSS

0.1%

top 84.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Enjoy 8 Plus Firmware Huawei Honor 8X Firmware Huawei Honor 9 Lite Firmware +3 more

Timeline

PublishedDec 14

Latest updateMay 24

Description

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 0.9 | Impact: 2.5

Affected Packages6 packages

▶NVDhuawei/honor_9_lite_firmware< 9.1.0.124\(c00e112r2p10t8\)+1

▶NVDhuawei/honor_8x_firmware< 9.1.0.217\(c00e15r3p2t8\)+2

▶NVDhuawei/honor_9i_firmware< 9.1.0.115\(c00e113r1p6t8\)+1

▶NVDhuawei/y9_firmware< 9.1.0.131\(c432e6r1p5t8\)

▶NVDhuawei/y6_pro_firmware< 9.1.0.248\(c636e5r3p1\)

🔴Vulnerability Details

GHSA

GHSA-252p-r436-cv4f: There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro)↗2022-05-24

▶

CVEList

CVE-2019-5252: There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro)↗2019-12-13

▶