ID

VAR-201908-0040


CVE

CVE-2019-5301


TITLE

Huawei Honor V20 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-33613 // CNNVD: CNNVD-201908-543

DESCRIPTION

Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. Huawei Honor is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5301 // JVNDB: JVNDB-2019-007664 // CNVD: CNVD-2019-33613

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33613

AFFECTED PRODUCTS

vendor:huaweimodel:honor v20scope:ltversion:9.0.1.161\(c00e161r2p2\)

Trust: 1.0

vendor:huaweimodel:honor v20scope:ltversion:9.0.1.161(c00e161r2p2)

Trust: 0.8

vendor:huaweimodel:honor 9.0.1.161scope:eqversion:v20<v20

Trust: 0.6

sources: CNVD: CNVD-2019-33613 // JVNDB: JVNDB-2019-007664 // NVD: CVE-2019-5301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5301
value: LOW

Trust: 1.0

NVD: CVE-2019-5301
value: LOW

Trust: 0.8

CNVD: CNVD-2019-33613
value: LOW

Trust: 0.6

CNNVD: CNNVD-201908-543
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-5301
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33613
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5301
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-33613 // JVNDB: JVNDB-2019-007664 // CNNVD: CNNVD-201908-543 // NVD: CVE-2019-5301

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-007664 // NVD: CVE-2019-5301

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-543

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-543

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007664

PATCH

title:huawei-sa-20190807-01-mobileurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-mobile-en

Trust: 0.8

title:Patch for Huawei Honor V20 Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182799

Trust: 0.6

title:Huawei Honor V20 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96240

Trust: 0.6

sources: CNVD: CNVD-2019-33613 // JVNDB: JVNDB-2019-007664 // CNNVD: CNNVD-201908-543

EXTERNAL IDS

db:NVDid:CVE-2019-5301

Trust: 3.0

db:JVNDBid:JVNDB-2019-007664

Trust: 0.8

db:CNVDid:CNVD-2019-33613

Trust: 0.6

db:CNNVDid:CNNVD-201908-543

Trust: 0.6

sources: CNVD: CNVD-2019-33613 // JVNDB: JVNDB-2019-007664 // CNNVD: CNNVD-201908-543 // NVD: CVE-2019-5301

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-mobile-en

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5301

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5301

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190807-01-mobile-cn

Trust: 0.6

sources: CNVD: CNVD-2019-33613 // JVNDB: JVNDB-2019-007664 // CNNVD: CNNVD-201908-543 // NVD: CVE-2019-5301

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201908-543

SOURCES

db:CNVDid:CNVD-2019-33613
db:JVNDBid:JVNDB-2019-007664
db:CNNVDid:CNNVD-201908-543
db:NVDid:CVE-2019-5301

LAST UPDATE DATE

2024-11-23T22:37:45.445000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33613date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-007664date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-543date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5301date:2024-11-21T04:44:42.227

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33613date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-007664date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-543date:2019-08-07T00:00:00
db:NVDid:CVE-2019-5301date:2019-08-08T17:15:11.580