Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-5264 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Huawei Mate 10 Client/Desktop applications / Multimedia software Huawei Mate 10 Pro Client/Desktop applications / Multimedia software Huawei Honor V10 Client/Desktop applications / Multimedia software Changxiang 7S Client/Desktop applications / Multimedia software Huawei P-smart Client/Desktop applications / Multimedia software Changxiang 8 Plus Client/Desktop applications / Multimedia software Huawei Y9 2018 Client/Desktop applications / Multimedia software Huawei Honor 9 Lite Client/Desktop applications / Multimedia software Huawei Honor 9i Client/Desktop applications / Multimedia software Huawei Mate 9 Client/Desktop applications / Multimedia software |
Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU23618
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5264
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected software does not properly handle certain information of application locked by applock in a rare condition. An attacker with physical access to the device can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Mate 10: before 9.0.0.177
Huawei Mate 10 Pro: before 9.0.0.167
Huawei Honor V10: before 9.0.0.159
Changxiang 7S: before 9.1.0.107
Huawei P-smart: before 9.1.0.130
Changxiang 8 Plus: before 9.1.0.111
Huawei Y9 2018: before 9.1.0.120
Huawei Honor 9 Lite: before 9.1.0.121
Huawei Honor 9i: before 9.1.0.112
Huawei Mate 9: before 9.0.1.159
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.