CVE-2019-5220

EPSS 0.02%
Published 10.07.2019 18:15:11
Last modified 21.11.2024 04:44:32
Source psirt@huawei.com
Teams watchlist Login
Open Login

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Mate 20 X Firmware Version < ever-al00b_9.0.0.200\(c00e200r2p1\)

Huawei ≫ Mate 20 X Version-

Huawei ≫ Mate 20 Firmware Version < hima-al00b\/hima-tl00b_9.0.0.200\(c00e200r2p1\)

Huawei ≫ Mate 20 Version-

Huawei ≫ Honor Magic 2 Firmware Version < tony-al00b\/tony-tl00b_9.0.0.182\(c00e180r2p2\)

Huawei ≫ Honor Magic 2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190626-01-frp-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5220

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5220

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5220

EUVD