CVE-2019-5223
Description
PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper authentication in Huawei PCManager driver interface allows local attackers to execute arbitrary code via a crafted application.
Vulnerability
Huawei PCManager version 9.1.3.1 contains an improper authentication vulnerability in a certain driver interface. The driver does not properly validate user-mode data, allowing a local attacker to bypass authentication checks. This affects PCManager 9.1.3.1 only; the fixed version is 9.1.3.25 [1].
Exploitation
Exploitation requires the attacker to trick the user into installing a malicious application or plug-in on the same system. Once installed, the attacker can send crafted user-mode data to the vulnerable driver interface, triggering the authentication bypass. No additional privileges are needed beyond local access [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code with kernel-level privileges, leading to full system compromise. This can result in data disclosure, modification, or denial of service [1].
Mitigation
Huawei released PCManager version 9.1.3.25 to fix this vulnerability. Users should update to the latest version. No workarounds are documented. The vulnerability is not listed on CISA KEV [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Huawei/PC Managerv5Range: PCManager 9.1.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190718-01-pcmanager-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.