Details of VAR-201911-0822

ID

VAR-201911-0822

CVE

CVE-2019-5246

TITLE

ELLE-AL00B Vulnerability related to insufficient verification of data reliability in smartphones with software

Trust: 0.8

sources: JVNDB: JVNDB-2019-011958

DESCRIPTION

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution. ELLE-AL00B Software-equipped smartphones are vulnerable to insufficient verification of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei ELLE-AL00B is a smartphone from China's Huawei. There is a security vulnerability in Huawei ELLE-AL00B, which is caused by the system's failure to fully verify the parameters

Trust: 2.16

sources: NVD: CVE-2019-5246 // JVNDB: JVNDB-2019-011958 // CNVD: CNVD-2019-33474

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33474

AFFECTED PRODUCTS

vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.109\(c00e106r1p21\)	Trust: 1.0
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.155\(c00e150r1p21\)	Trust: 1.0
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.162\(c00e160r2p1\)	Trust: 1.0
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.113\(c00e110r1p21\)	Trust: 1.0
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.125\(c00e120r1p21\)	Trust: 1.0
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.135\(c00e130r1p21\)	Trust: 1.0
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.153\(c00e150r1p21\)	Trust: 1.0
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.109(c00e106r1p21)	Trust: 0.8
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.113(c00e110r1p21)	Trust: 0.8
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.125(c00e120r1p21)	Trust: 0.8
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.135(c00e120r1p21)	Trust: 0.8
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.153(c00e150r1p21)	Trust: 0.8
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.155(c00e150r1p21)	Trust: 0.8
vendor:	huawei	model:	emily-al00b	scope:	eq	version:	9.1.0.162(c00e160r2p1)	Trust: 0.8
vendor:	huawei	model:	elle-al00b 9.1.0.109	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b 9.1.0.113	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b 9.1.0.125	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b 9.1.0.135	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b 9.1.0.153	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b 9.1.0.155	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b 9.1.0.162	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.155c00e150r1p21	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.135c00e130r1p21	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.162c00e160r2p1	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.125c00e120r1p21	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.113c00e110r1p21	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.109c00e106r1p21	Trust: 0.6
vendor:	huawei	model:	elle-al00b	scope:	eq	version:	9.1.0.153c00e150r1p21	Trust: 0.6

sources: CNVD: CNVD-2019-33474 // JVNDB: JVNDB-2019-011958 // CNNVD: CNNVD-201909-1188 // NVD: CVE-2019-5246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5246
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5246
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-33474
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-1188
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5246
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33474
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5246
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5246
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-33474 // JVNDB: JVNDB-2019-011958 // CNNVD: CNNVD-201909-1188 // NVD: CVE-2019-5246

PROBLEMTYPE DATA

problemtype:

CWE-345

Trust: 1.8

sources: JVNDB: JVNDB-2019-011958 // NVD: CVE-2019-5246

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201909-1188

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011958

PATCH

title:	huawei-sa-20190925-01-codeexecution	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-en	Trust: 0.8
title:	Patch for Huawei ELLE-AL00B Insufficient Verification Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/182395	Trust: 0.6
title:	Huawei ELLE-AL00B Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98596	Trust: 0.6

sources: CNVD: CNVD-2019-33474 // JVNDB: JVNDB-2019-011958 // CNNVD: CNNVD-201909-1188

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5246	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011958	Trust: 0.8
db:	CNVD	id:	CNVD-2019-33474	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-1188	Trust: 0.6

sources: CNVD: CNVD-2019-33474 // JVNDB: JVNDB-2019-011958 // CNNVD: CNNVD-201909-1188 // NVD: CVE-2019-5246

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5246	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5246	Trust: 0.8

sources: CNVD: CNVD-2019-33474 // JVNDB: JVNDB-2019-011958 // CNNVD: CNNVD-201909-1188 // NVD: CVE-2019-5246

SOURCES

db:	CNVD	id:	CNVD-2019-33474
db:	JVNDB	id:	JVNDB-2019-011958
db:	CNNVD	id:	CNNVD-201909-1188
db:	NVD	id:	CVE-2019-5246

LAST UPDATE DATE

2024-11-23T22:44:47.621000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33474	date:	2019-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-011958	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201909-1188	date:	2019-11-18T00:00:00
db:	NVD	id:	CVE-2019-5246	date:	2024-11-21T04:44:35.937

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33474	date:	2019-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-011958	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201909-1188	date:	2019-09-25T00:00:00
db:	NVD	id:	CVE-2019-5246	date:	2019-11-13T00:15:11.653