Details of VAR-201911-0258

ID

VAR-201911-0258

CVE

CVE-2019-5308

TITLE

Mate 20 RS Unauthorized authentication vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-012686

DESCRIPTION

Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. The vulnerability stems from the system's improper restrictions on some operations of users in ADB mode. An attacker could use this vulnerability to switch to a third-party desktop

Trust: 2.25

sources: NVD: CVE-2019-5308 // JVNDB: JVNDB-2019-012686 // CNVD: CNVD-2019-44560 // VULMON: CVE-2019-5308

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-44560

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 20 rs	scope:	lt	version:	9.1.0.135\(c786e133r3p1\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	lt	version:	9.1.0.135(c786e133r3p1)	Trust: 0.8
vendor:	huawei	model:	mate rs <9.1.0.135	scope:	eq	version:	20	Trust: 0.6

sources: CNVD: CNVD-2019-44560 // JVNDB: JVNDB-2019-012686 // NVD: CVE-2019-5308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5308
value:	LOW
Trust: 1.0
NVD:	CVE-2019-5308
value:	LOW
Trust: 0.8
CNVD:	CNVD-2019-44560
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201911-1460
value:	LOW
Trust: 0.6
VULMON:	CVE-2019-5308
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-5308
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-44560
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5308
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5308
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-44560 // VULMON: CVE-2019-5308 // JVNDB: JVNDB-2019-012686 // CNNVD: CNNVD-201911-1460 // NVD: CVE-2019-5308

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-863	Trust: 0.8

sources: JVNDB: JVNDB-2019-012686 // NVD: CVE-2019-5308

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-1460

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012686

PATCH

title:	huawei-sa-20191127-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-smartphone-en	Trust: 0.8
title:	Patch for Huawei Mate 20 RS improper authorization vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/193523	Trust: 0.6
title:	Huawei Mate 20 RS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103729	Trust: 0.6
title:	Huawei Security Advisories: Security Advisory - Improper Authorization Vulnerability in Several Smartphones	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=705b2901adfc0c7fd70974844b866423	Trust: 0.1

sources: CNVD: CNVD-2019-44560 // VULMON: CVE-2019-5308 // JVNDB: JVNDB-2019-012686 // CNNVD: CNNVD-201911-1460

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5308	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-012686	Trust: 0.8
db:	CNVD	id:	CNVD-2019-44560	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1460	Trust: 0.6
db:	VULMON	id:	CVE-2019-5308	Trust: 0.1

sources: CNVD: CNVD-2019-44560 // VULMON: CVE-2019-5308 // JVNDB: JVNDB-2019-012686 // CNNVD: CNNVD-201911-1460 // NVD: CVE-2019-5308

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-smartphone-en	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5308	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191127-01-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5308	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-44560 // VULMON: CVE-2019-5308 // JVNDB: JVNDB-2019-012686 // CNNVD: CNNVD-201911-1460 // NVD: CVE-2019-5308

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201911-1460

SOURCES

db:	CNVD	id:	CNVD-2019-44560
db:	VULMON	id:	CVE-2019-5308
db:	JVNDB	id:	JVNDB-2019-012686
db:	CNNVD	id:	CNNVD-201911-1460
db:	NVD	id:	CVE-2019-5308

LAST UPDATE DATE

2024-11-23T22:41:18.425000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-44560	date:	2019-12-10T00:00:00
db:	VULMON	id:	CVE-2019-5308	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-012686	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-1460	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5308	date:	2024-11-21T04:44:43.340

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-44560	date:	2019-12-10T00:00:00
db:	VULMON	id:	CVE-2019-5308	date:	2019-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-012686	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-1460	date:	2019-11-27T00:00:00
db:	NVD	id:	CVE-2019-5308	date:	2019-11-29T21:15:11.480