Main Vulnerability Database Vulnerabilities #VU18919

Permissions, Privileges, and Access Controls in Huawei products - CVE-2019-5220

Published: June 26, 2019 / Updated: June 26, 2019

Vulnerability identifier: #VU18919

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5220

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Honor Magic 2
Huawei Mate 20
Huawei Mate 20 X

Detailed vulnerability description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to the system does not sufficiently verify the permission. An attacker with physical access to the smartphones can do a certain operation on certain step of setup wizard.

Successful exploitation of this vulnerability may allow an attacker to bypass the FRP protection.

How to mitigate CVE-2019-5220

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190626-01-frp-en

Permissions, Privileges, and Access Controls in Huawei products - CVE-2019-5220

Detailed vulnerability description

How to mitigate CVE-2019-5220

Sources

Please verify you're human