CVE-2019-5297

{"id": "CVE-2019-5297", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2019-06-04T19:29:00.507", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone."}, {"lang": "es", "value": "Las versiones de tel\u00e9fonos Huawei de Emily-L29C anteriores a las versiones 9.0.0.159 (C185E2R1P12T8) tienen una vulnerabilidad de seguridad de omisi\u00f3n de la Protecci\u00f3n de restablecimiento de f\u00e1brica (FRP). Antes de que se verifique y active la cuenta de FRP durante el proceso de reinicio, el atacante puede realizar algunas operaciones especiales para omitir la funci\u00f3n de FRP y obtener el derecho de usar el tel\u00e9fono m\u00f3vil."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "154669A5-8516-4622-BCC9-FADD258EB684", "versionEndExcluding": "9.0.0.159"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}