CVE-2019-5213 — LOW (2.4) — White Hats Nepal

Q: How severe is CVE-2019-5213?

CVE-2019-5213 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5213?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor Play Firmware, Huawei Honor Play.

Vulnerability Description

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

CVSS Score

2.4

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Honor Play Firmware	< cornell-al00a_9.1.0.321\(c00e320r1p1t8\)
Huawei	Honor Play	-

Related Weaknesses (CWE)

CWE-287

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphVendor Advisory

FAQ

What is CVE-2019-5213?

CVE-2019-5213 is a vulnerability with a CVSS score of 2.4 (LOW). Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. S...

How severe is CVE-2019-5213?

CVE-2019-5213 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5213?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor Play Firmware, Huawei Honor Play.