#VU23618 Information disclosure in Huawei products - CVE-2019-5264
Published: December 16, 2019
Vulnerability identifier: #VU23618
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5264
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei Mate 10
Huawei Mate 10 Pro
Huawei Honor V10
Changxiang 7S
Huawei P-smart
Changxiang 8 Plus
Huawei Y9 2018
Huawei Honor 9 Lite
Huawei Honor 9i
Huawei Mate 9
Huawei Mate 10
Huawei Mate 10 Pro
Huawei Honor V10
Changxiang 7S
Huawei P-smart
Changxiang 8 Plus
Huawei Y9 2018
Huawei Honor 9 Lite
Huawei Honor 9i
Huawei Mate 9
Software vendor:
Huawei
Huawei
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected software does not properly handle certain information of application locked by applock in a rare condition. An attacker with physical access to the device can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.