CVE-2019-5295

{"id": "CVE-2019-5295", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2019-06-06T15:29:01.343", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes Honor V10 de Huawei versiones anteriores a Berkeley-AL20 9.0.0.125 (C00E125R2P14T8), presentan una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n. Debido a una l\u00f3gica de implementaci\u00f3n de autorizaci\u00f3n inapropiada, atacantes pueden omitir ciertos \u00e1mbitos de autorizaci\u00f3n de los tel\u00e9fonos inteligentes mediante la ejecuci\u00f3n de operaciones espec\u00edficas. Esta vulnerabilidad puede ser explotada para realizar operaciones m\u00e1s all\u00e1 del alcance de la autorizaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_view_10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7DF0888-0245-47D8-91A4-77B017038198", "versionEndExcluding": "berkeley-al20_9.0.0.125\\(c00e125r2p14t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_view_10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E788B81C-69DB-4A13-AC70-1E17120CB82E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}