Improper Authentication in Huawei products - CVE-2019-5252

 

Published: December 4, 2019


Vulnerability identifier: #VU23396
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5252
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
Huawei Enjoy 8 Plus
Huawei Y9
Huawei Honor 8X
Huawei Honor 9 Lite
Huawei Honor 9i
Huawei Y6 Pro

Detailed vulnerability description

The vulnerability allows an attacker to bypass the authentication process.

The vulnerability exists because the applock feature does not perform sufficient authentication in a rare condition. An attacker with physical access to the device can use an application locked by applock in the instant when the phone's CPU is almost exhausted.


How to mitigate CVE-2019-5252

Install updates from the vendor's website.
