CVE-2019-5297 - OpenCVE

Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Emily-l29c Emily-l29c Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2019-06-04T18:19:49

Updated: 2024-08-04T19:54:53.218Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5297

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-06-04T19:29:00.507

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5297

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Emily-L29C", "vendor": "Huawei", "versions": [{"status": "affected", "version": "Version Earlier Than 9.0.0.159(C185E2R1P12T8)"}]}], "datePublic": "2019-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone."}], "problemTypes": [{"descriptions": [{"description": "FRP bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-04T18:19:49", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5297", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Emily-L29C", "version": {"version_data": [{"version_value": "Version Earlier Than 9.0.0.159(C185E2R1P12T8)"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "FRP bypass"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.218Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5297", "datePublished": "2019-06-04T18:19:49", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.218Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "154669A5-8516-4622-BCC9-FADD258EB684", "versionEndExcluding": "9.0.0.159", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone."}, {"lang": "es", "value": "Las versiones de tel\u00e9fonos Huawei de Emily-L29C anteriores a las versiones 9.0.0.159 (C185E2R1P12T8) tienen una vulnerabilidad de seguridad de omisi\u00f3n de la Protecci\u00f3n de restablecimiento de f\u00e1brica (FRP). Antes de que se verifique y active la cuenta de FRP durante el proceso de reinicio, el atacante puede realizar algunas operaciones especiales para omitir la funci\u00f3n de FRP y obtener el derecho de usar el tel\u00e9fono m\u00f3vil."}], "id": "CVE-2019-5297", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-04T19:29:00.507", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}