CVE-2019-5213

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

CVSS v3 2.4 LOW
CVSS v2.0 1.9 LOW

2.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-12 23:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-5213

Mitre link : CVE-2019-5213

CVE.ORG link : CVE-2019-5213

JSON object : View

Products Affected

huawei

honor_play
honor_play_firmware

CWE

CWE-287

Improper Authentication

{"id": "CVE-2019-5213", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2019-11-12T23:15:10.160", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."}, {"lang": "es", "value": "Tel\u00e9fonos Inteligentes Honor Play con versiones anteriores a Cornell-AL00A versi\u00f3n 9.1.0.321 (C00E320R1P1T8), presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El sistema presenta un error de juez l\u00f3gico bajo cierto escenario. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante modificar la configuraci\u00f3n del reloj de alarma posterior a una serie de operaciones poco comunes sin desbloquear el bloqueo de pantalla."}], "lastModified": "2019-11-15T13:45:29.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "434EFE4E-FA21-4703-BF6C-5DB602E5EA63", "versionEndExcluding": "cornell-al00a_9.1.0.321\\(c00e320r1p1t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B4BC963-31B0-4731-8D15-3EFD00E463BE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}