CVE-2019-5250

Опубликовано: 13 дек. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*

Версия до 9.1.0.135\(c00e133r3p1\) (исключая)

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-35fq-rqch-cg5p

github

больше 3 лет назад