Sign-up

ID

VAR-201906-0353


CVE

CVE-2019-5245


TITLE

HiSuite Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2019-005469

DESCRIPTION

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. HiSuite Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei HiSuite is a mobile phone assistant application for PC from Huawei, China

Trust: 1.71

sources: NVD: CVE-2019-5245 // JVNDB: JVNDB-2019-005469 // VULHUB: VHN-156680

AFFECTED PRODUCTS

vendor:huaweimodel:hisuitescope:lteversion:9.1.0.300

Trust: 1.8

sources: JVNDB: JVNDB-2019-005469 // NVD: CVE-2019-5245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5245
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5245
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-548
value: MEDIUM

Trust: 0.6

VULHUB: VHN-156680
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5245
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-156680
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5245
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-156680 // JVNDB: JVNDB-2019-005469 // CNNVD: CNNVD-201906-548 // NVD: CVE-2019-5245

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.0

problemtype:CWE-426

Trust: 0.9

sources: VULHUB: VHN-156680 // JVNDB: JVNDB-2019-005469 // NVD: CVE-2019-5245

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-548

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-548

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005469

PATCH
title:huawei-sa-20190612-01-dllhijackingurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en
Trust: 0.8
title:Huawei HiSuite Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93781
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005469 // 
            
            
            
            CNNVD: CNNVD-201906-548

EXTERNAL IDS
db:NVDid:CVE-2019-5245
Trust: 2.5
db:JVNDBid:JVNDB-2019-005469
Trust: 0.8
db:CNNVDid:CNNVD-201906-548
Trust: 0.7
db:VULHUBid:VHN-156680
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156680 // 
            
            
            
            JVNDB: JVNDB-2019-005469 // 
            
            
            
            CNNVD: CNNVD-201906-548 // 
            
            
            
            NVD: CVE-2019-5245

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5245
Trust: 1.4
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5245
Trust: 0.8
sources:
            
            
            VULHUB: VHN-156680 // 
            
            
            
            JVNDB: JVNDB-2019-005469 // 
            
            
            
            CNNVD: CNNVD-201906-548 // 
            
            
            
            NVD: CVE-2019-5245

CREDITS
The vulnerability is caused by CyberArk Labs of Eran Shimony Report to Huawei PSIRT .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201906-548

SOURCES
db:VULHUBid:VHN-156680
db:JVNDBid:JVNDB-2019-005469
db:CNNVDid:CNNVD-201906-548
db:NVDid:CVE-2019-5245

LAST UPDATE DATE
2024-11-23T22:11:59.848000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-156680date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2019-005469date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-548date:2019-06-17T00:00:00
db:NVDid:CVE-2019-5245date:2024-11-21T04:44:35.823

SOURCES RELEASE DATE
db:VULHUBid:VHN-156680date:2019-06-13T00:00:00
db:JVNDBid:JVNDB-2019-005469date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-548date:2019-06-12T00:00:00
db:NVDid:CVE-2019-5245date:2019-06-13T16:29:01.607