Sign-up

ID

VAR-201911-0269


CVE

CVE-2019-5263


TITLE

HiSuite and HwBackup Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-012887

DESCRIPTION

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. HiSuite and HwBackup Contains an information disclosure vulnerability.Information may be obtained. Both Huawei HiSuite and HwBackup are products of the Chinese company Huawei. Huawei HiSuite is a mobile assistant application for PC. HwBackup is a mobile phone backup data storage program

Trust: 1.71

sources: NVD: CVE-2019-5263 // JVNDB: JVNDB-2019-012887 // VULHUB: VHN-156698

AFFECTED PRODUCTS

vendor:huaweimodel:hisuitescope:lteversion:9.1.0.305

Trust: 1.8

vendor:huaweimodel:hwbackupscope:lteversion:9.1.1.308

Trust: 1.0

vendor:huaweimodel:hisuitescope:lteversion:9.1.0.305(mac)

Trust: 0.8

vendor:huaweimodel:hwbackupscope:ltversion:9.1.1.308

Trust: 0.8

sources: JVNDB: JVNDB-2019-012887 // NVD: CVE-2019-5263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5263
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5263
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-1734
value: MEDIUM

Trust: 0.6

VULHUB: VHN-156698
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-5263
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-156698
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5263
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5263
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-156698 // JVNDB: JVNDB-2019-012887 // CNNVD: CNNVD-201908-1734 // NVD: CVE-2019-5263

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.1

problemtype:CWE-200

Trust: 0.8

sources: VULHUB: VHN-156698 // JVNDB: JVNDB-2019-012887 // NVD: CVE-2019-5263

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1734

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1734

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012887

PATCH
title:huawei-sa-20190821-01-backupurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en
Trust: 0.8
title:Huawei HiSuite  and HwBackup Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97321
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-012887 // 
            
            
            
            CNNVD: CNNVD-201908-1734

EXTERNAL IDS
db:NVDid:CVE-2019-5263
Trust: 2.5
db:JVNDBid:JVNDB-2019-012887
Trust: 0.8
db:CNNVDid:CNNVD-201908-1734
Trust: 0.7
db:VULHUBid:VHN-156698
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156698 // 
            
            
            
            JVNDB: JVNDB-2019-012887 // 
            
            
            
            CNNVD: CNNVD-201908-1734 // 
            
            
            
            NVD: CVE-2019-5263

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5263
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5263
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190821-01-backup-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-156698 // 
            
            
            
            JVNDB: JVNDB-2019-012887 // 
            
            
            
            CNNVD: CNNVD-201908-1734 // 
            
            
            
            NVD: CVE-2019-5263

CREDITS
The vulnerability was discovered by security researchers.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1734

SOURCES
db:VULHUBid:VHN-156698
db:JVNDBid:JVNDB-2019-012887
db:CNNVDid:CNNVD-201908-1734
db:NVDid:CVE-2019-5263

LAST UPDATE DATE
2024-11-23T21:36:32.770000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-156698date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-012887date:2019-12-16T00:00:00
db:CNNVDid:CNNVD-201908-1734date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5263date:2024-11-21T04:44:37.923

SOURCES RELEASE DATE
db:VULHUBid:VHN-156698date:2019-11-29T00:00:00
db:JVNDBid:JVNDB-2019-012887date:2019-12-16T00:00:00
db:CNNVDid:CNNVD-201908-1734date:2019-08-21T00:00:00
db:NVDid:CVE-2019-5263date:2019-11-29T20:15:12.003