CVE-2019-5292

Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
huaweihonor_10_lite_firmware
𝑥
< 9.1.0.217\(c00e215r3p1\)
huaweihonor_8a_firmware
𝑥
< 9.1.0.205\(c00e97r1p9\)
huaweihuawei_y6_firmware
𝑥
< 9.1.0.205\(c00e97r2p2\)
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-phone-en