Details of VAR-201906-0352

ID

VAR-201906-0352

CVE

CVE-2019-5244

TITLE

Huawei Mate 9 Pro Information disclosure vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-005139

DESCRIPTION

Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak. Huawei Mate 9 Pro LON-L29C An error in the previous version of 8.0.0.361 (C636) was caused by a network system or a product that was configured during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.16

sources: NVD: CVE-2019-5244 // JVNDB: JVNDB-2019-005139 // CNVD: CNVD-2019-41253

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-41253

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 9 pro fimware	scope:	lt	version:	lon-l29c_8.0.0.361\(c636\)	Trust: 1.0
vendor:	huawei	model:	mate 9 pro	scope:	lt	version:	lon-l29c 8.0.0.361(c636)	Trust: 0.8
vendor:	huawei	model:	mate pro <lon-l29c 8.0.0.361	scope:	eq	version:	9	Trust: 0.6

sources: CNVD: CNVD-2019-41253 // JVNDB: JVNDB-2019-005139 // NVD: CVE-2019-5244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5244
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5244
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-41253
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201902-783
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5244
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-41253
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5244
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-41253 // JVNDB: JVNDB-2019-005139 // CNNVD: CNNVD-201902-783 // NVD: CVE-2019-5244

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-005139 // NVD: CVE-2019-5244

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-783

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-783

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005139

PATCH

title:	huawei-sa-20190220-01-informationleak	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en	Trust: 0.8
title:	Patch for Huawei Mate 9 Pro Information Disclosure Vulnerability (CNVD-2019-41253)	url:	https://www.cnvd.org.cn/patchInfo/show/190767	Trust: 0.6
title:	Huawei Mate 9 Pro Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89579	Trust: 0.6

sources: CNVD: CNVD-2019-41253 // JVNDB: JVNDB-2019-005139 // CNNVD: CNNVD-201902-783

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5244	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-005139	Trust: 0.8
db:	CNVD	id:	CNVD-2019-41253	Trust: 0.6
db:	CNNVD	id:	CNNVD-201902-783	Trust: 0.6

sources: CNVD: CNVD-2019-41253 // JVNDB: JVNDB-2019-005139 // CNNVD: CNNVD-201902-783 // NVD: CVE-2019-5244

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5244	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190220-01-informationleak-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5244	Trust: 0.8

sources: CNVD: CNVD-2019-41253 // JVNDB: JVNDB-2019-005139 // CNNVD: CNNVD-201902-783 // NVD: CVE-2019-5244

CREDITS

Alexander

Trust: 0.6

sources: CNNVD: CNNVD-201902-783

SOURCES

db:	CNVD	id:	CNVD-2019-41253
db:	JVNDB	id:	JVNDB-2019-005139
db:	CNNVD	id:	CNNVD-201902-783
db:	NVD	id:	CVE-2019-5244

LAST UPDATE DATE

2024-11-23T22:58:39.683000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-41253	date:	2019-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-005139	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201902-783	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2019-5244	date:	2024-11-21T04:44:35.697

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-41253	date:	2019-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-005139	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201902-783	date:	2019-02-20T00:00:00
db:	NVD	id:	CVE-2019-5244	date:	2019-06-04T18:29:00.800