CVE-2019-5295
Summary
| CVE | CVE-2019-5295 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-06 15:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Huawei | Honor View 10 | - | All | All | All |
| Hardware | Huawei | Honor View 10 | - | All | All | All |
| Operating System | Huawei | Honor View 10 Firmware | All | All | All | All |
| Operating System | Huawei | Honor View 10 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone | CONFIRM | www.huawei.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.