Details of VAR-201911-0264

ID

VAR-201911-0264

CVE

CVE-2019-5287

TITLE

P30 Integer overflow vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-012017

DESCRIPTION

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. P30 Smartphones contain an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei P30 is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5287 // JVNDB: JVNDB-2019-012017 // CNVD: CNVD-2019-33478

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33478

AFFECTED PRODUCTS

vendor:	huawei	model:	p30	scope:	eq	version:	-	Trust: 1.2
vendor:	huawei	model:	p30	scope:	lt	version:	elle-al00b_9.1.0.193\(c00e190r2p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	elle-al00b 9.1.0.193(c00e190r2p1)	Trust: 0.8
vendor:	huawei	model:	p30 <elle-al00b 9.1.0.193	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.193c00e190r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	elle-al00b_9.1.0.186c00e180r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	elle-al00b_9.1.0.193c00e190r1p21	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.226c00e220r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.166c00e66r1p11	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.173c00e73r1p11	Trust: 0.6

sources: CNVD: CNVD-2019-33478 // JVNDB: JVNDB-2019-012017 // CNNVD: CNNVD-201909-1207 // NVD: CVE-2019-5287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5287
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5287
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-33478
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-1207
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-5287
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33478
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5287
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5287
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-33478 // JVNDB: JVNDB-2019-012017 // CNNVD: CNNVD-201909-1207 // NVD: CVE-2019-5287

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-012017 // NVD: CVE-2019-5287

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1207

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1207

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012017

PATCH

title:	huawei-sa-20190925-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en	Trust: 0.8
title:	Patch for Huawei P30 Plastic Overflow Vulnerability (CNVD-2019-33478)	url:	https://www.cnvd.org.cn/patchInfo/show/182411	Trust: 0.6
title:	Huawei P30 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98609	Trust: 0.6

sources: CNVD: CNVD-2019-33478 // JVNDB: JVNDB-2019-012017 // CNNVD: CNNVD-201909-1207

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5287	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012017	Trust: 0.8
db:	CNVD	id:	CNVD-2019-33478	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-1207	Trust: 0.6

sources: CNVD: CNVD-2019-33478 // JVNDB: JVNDB-2019-012017 // CNNVD: CNNVD-201909-1207 // NVD: CVE-2019-5287

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5287	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190925-01-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5287	Trust: 0.8

sources: CNVD: CNVD-2019-33478 // JVNDB: JVNDB-2019-012017 // CNNVD: CNNVD-201909-1207 // NVD: CVE-2019-5287

SOURCES

db:	CNVD	id:	CNVD-2019-33478
db:	JVNDB	id:	JVNDB-2019-012017
db:	CNNVD	id:	CNNVD-201909-1207
db:	NVD	id:	CVE-2019-5287

LAST UPDATE DATE

2024-11-23T22:05:57.254000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33478	date:	2019-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-012017	date:	2019-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201909-1207	date:	2019-11-19T00:00:00
db:	NVD	id:	CVE-2019-5287	date:	2024-11-21T04:44:40.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33478	date:	2019-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-012017	date:	2019-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201909-1207	date:	2019-09-25T00:00:00
db:	NVD	id:	CVE-2019-5287	date:	2019-11-13T15:15:10.340