Vulnerability Description
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Honor View 10 Firmware | < berkeley-al20_9.0.0.125\(c00e125r2p14t8\) |
| Huawei | Honor View 10 | - |
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-Vendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-Vendor Advisory
FAQ
What is CVE-2019-5295?
CVE-2019-5295 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can...
How severe is CVE-2019-5295?
CVE-2019-5295 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5295?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor View 10 Firmware, Huawei Honor View 10.