CVE-2019-5213 - OpenCVE

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Honor Play Honor Play Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2019-11-12T22:47:47

Updated: 2024-08-04T19:47:56.790Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5213

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-12T23:15:10.160

Modified: 2019-11-15T13:45:29.157

Link: CVE-2019-5213

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Honor play", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)"}]}], "descriptions": [{"lang": "en", "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-12T22:47:47", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5213", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Honor play", "version": {"version_data": [{"version_value": "Versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Authentication"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en", "refsource": "MISC", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.790Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5213", "datePublished": "2019-11-12T22:47:47", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.790Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "434EFE4E-FA21-4703-BF6C-5DB602E5EA63", "versionEndExcluding": "cornell-al00a_9.1.0.321\\(c00e320r1p1t8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B4BC963-31B0-4731-8D15-3EFD00E463BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock."}, {"lang": "es", "value": "Tel\u00e9fonos Inteligentes Honor Play con versiones anteriores a Cornell-AL00A versi\u00f3n 9.1.0.321 (C00E320R1P1T8), presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El sistema presenta un error de juez l\u00f3gico bajo cierto escenario. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante modificar la configuraci\u00f3n del reloj de alarma posterior a una serie de operaciones poco comunes sin desbloquear el bloqueo de pantalla."}], "id": "CVE-2019-5213", "lastModified": "2019-11-15T13:45:29.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-12T23:15:10.160", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}