Vulnerability Description
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Enjoy 8 Plus Firmware | < 9.1.0.124\(c00e112r1p6t8\) |
| Huawei | Enjoy 8 Plus | - |
| Huawei | Y9 Firmware | < 9.1.0.131\(c432e6r1p5t8\) |
| Huawei | Y9 | - |
| Huawei | Honor 8X Firmware | < 9.1.0.217\(c00e15r3p2t8\) |
| Huawei | Honor 8X | - |
| Huawei | Honor 9 Lite Firmware | < 9.1.0.124\(c00e112r2p10t8\) |
| Huawei | Honor 9 Lite | - |
| Huawei | Honor 9I Firmware | < 9.1.0.115\(c00e113r1p6t8\) |
| Huawei | Honor 9I | - |
| Huawei | Y6 Pro Firmware | < 9.1.0.248\(c636e5r3p1\) |
| Huawei | Y6 Pro | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartpVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartpVendor Advisory
FAQ
What is CVE-2019-5252?
CVE-2019-5252 is a vulnerability with a CVSS score of 3.5 (LOW). There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Su...
How severe is CVE-2019-5252?
CVE-2019-5252 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5252?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Enjoy 8 Plus Firmware, Huawei Enjoy 8 Plus, Huawei Y9 Firmware, Huawei Y9, Huawei Honor 8X Firmware.