CVE-2019-5281 — Huawei Y9 2019 Firmware vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 92.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Y9 2019 Firmware Huawei Y9 2019

Timeline

PublishedJun 4

Latest updateMay 24

Description

There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/y9_2019_firmware< jackman-l21_8.2.0.155\(c185r1p2\)

▶CVEListV5huawei/huawei_y9_2019Version Earlier Than Jackman-L21 8.2.0.155(C185R1P2)

🔴Vulnerability Details

GHSA

GHSA-h3vq-5jgm-fc6c: There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8↗2022-05-24

▶

CVEList

CVE-2019-5281: There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8↗2019-06-04

▶