#VU23085 Information disclosure in Huawei Honor play - CVE-2019-5309
Published: November 29, 2019
Vulnerability identifier: #VU23085
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5309
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei Honor play
Huawei Honor play
Software vendor:
Huawei
Huawei
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper access restrictions. An attacker with physical access to the device can view certain information after a series of operation without unlock the screen lock.
Remediation
Install updates from vendor's website.