CVE-2019-5292

EUVD-2019-14897
Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
huaweihonor_10_lite_firmware
𝑥
< 9.1.0.217\(c00e215r3p1\)
huaweihonor_8a_firmware
𝑥
< 9.1.0.205\(c00e97r1p9\)
huaweihuawei_y6_firmware
𝑥
< 9.1.0.205\(c00e97r2p2\)
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en