Main Vulnerability Database Vulnerabilities #VU23618

Information disclosure in Huawei products - CVE-2019-5264

Published: December 16, 2019

Vulnerability identifier: #VU23618

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5264

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Mate 10
Huawei Mate 10 Pro
Huawei Honor V10
Changxiang 7S
Huawei P-smart
Changxiang 8 Plus
Huawei Y9 2018
Huawei Honor 9 Lite
Huawei Honor 9i
Huawei Mate 9

Detailed vulnerability description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected software does not properly handle certain information of application locked by applock in a rare condition. An attacker with physical access to the device can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2019-5264

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en

Information disclosure in Huawei products - CVE-2019-5264

Detailed vulnerability description

How to mitigate CVE-2019-5264

Sources

Please verify you're human