ID

VAR-201906-0356


CVE

CVE-2019-5216


TITLE

plural Huawei Vulnerability related to the race condition in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-005374

DESCRIPTION

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code. HuaweiHonorV10, 10 and Play are all Huawei smartphone products of China

Trust: 2.16

sources: NVD: CVE-2019-5216 // JVNDB: JVNDB-2019-005374 // CNVD: CNVD-2019-02519

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-02519

AFFECTED PRODUCTS

vendor:huaweimodel:honor view 10scope:ltversion:berkeley-al20_9.0.0.156\(c00e156r2p14t8\)

Trust: 1.0

vendor:huaweimodel:honor playscope:ltversion:cornell-al00a_9.0.0.156\(c00e156r1p13t8\)

Trust: 1.0

vendor:huaweimodel:honor 10scope:ltversion:columbia-al10b_9.0.0.156\(c00e156r1p20t8\)

Trust: 1.0

vendor:huaweimodel:honor 10scope:ltversion:columbia-al10b 9.0.0.156(c00e156r1p20t8)

Trust: 0.8

vendor:huaweimodel:honor playscope:ltversion:cornell-al00a 9.0.0.156(c00e156r1p13t8)

Trust: 0.8

vendor:huaweimodel:honor view 10scope:ltversion:berkeley-al20 9.0.0.156(c00e156r2p14t8)

Trust: 0.8

vendor:huaweimodel:honor <berkeley-al20 9.0.0.156scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor <columbia-al10b 9.0.0.156scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:honor play <cornell-al00a 9.0.0.156scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-02519 // JVNDB: JVNDB-2019-005374 // NVD: CVE-2019-5216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5216
value: HIGH

Trust: 1.0

NVD: CVE-2019-5216
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-02519
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-731
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5216
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-02519
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5216
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-02519 // JVNDB: JVNDB-2019-005374 // CNNVD: CNNVD-201901-731 // NVD: CVE-2019-5216

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.8

sources: JVNDB: JVNDB-2019-005374 // NVD: CVE-2019-5216

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-731

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-731

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005374

PATCH

title:huawei-sa-20190116-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en

Trust: 0.8

title:HuaweiHonorV10, 10 and Play Competition Conditions Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/151163

Trust: 0.6

title:Huawei Honor V10 , 10 and Play Repair measures for competitive conditionsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88847

Trust: 0.6

sources: CNVD: CNVD-2019-02519 // JVNDB: JVNDB-2019-005374 // CNNVD: CNNVD-201901-731

EXTERNAL IDS

db:NVDid:CVE-2019-5216

Trust: 3.0

db:JVNDBid:JVNDB-2019-005374

Trust: 0.8

db:CNVDid:CNVD-2019-02519

Trust: 0.6

db:CNNVDid:CNNVD-201901-731

Trust: 0.6

sources: CNVD: CNVD-2019-02519 // JVNDB: JVNDB-2019-005374 // CNNVD: CNNVD-201901-731 // NVD: CVE-2019-5216

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5216

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5216

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190116-01-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2019-02519 // JVNDB: JVNDB-2019-005374 // CNNVD: CNNVD-201901-731 // NVD: CVE-2019-5216

SOURCES

db:CNVDid:CNVD-2019-02519
db:JVNDBid:JVNDB-2019-005374
db:CNNVDid:CNNVD-201901-731
db:NVDid:CVE-2019-5216

LAST UPDATE DATE

2024-11-23T23:01:49.285000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-02519date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-005374date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201901-731date:2019-06-11T00:00:00
db:NVDid:CVE-2019-5216date:2024-11-21T04:44:31.960

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-02519date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-005374date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201901-731date:2019-01-17T00:00:00
db:NVDid:CVE-2019-5216date:2019-06-06T15:29:01.157