Vulnerability Description
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Honor Magic 2 Firmware | < tony-al00b_9.1.0.216\(c00e214r2p1\) |
| Huawei | Honor Magic 2 | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190717-01-input-Vendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190717-01-input-Vendor Advisory
FAQ
What is CVE-2019-5222?
CVE-2019-5222 is a vulnerability with a CVSS score of 5.5 (MEDIUM). There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit cert...
How severe is CVE-2019-5222?
CVE-2019-5222 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5222?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor Magic 2 Firmware, Huawei Honor Magic 2.