Sign-up

ID

VAR-201911-0824


CVE

CVE-2019-5210


TITLE

Nova 5i pro and Nova 5 Vulnerability related to array index verification in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-012598

DESCRIPTION

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. The Huawei Nova 5i pro and Nova 5 are both smartphones from China's Huawei. 9.1.1.175 (C00E170R3P2)

Trust: 2.16

sources: NVD: CVE-2019-5210 // JVNDB: JVNDB-2019-012598 // CNVD: CNVD-2019-45008

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-45008

AFFECTED PRODUCTS

vendor:huaweimodel:nova 5scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:nova 5i proscope:eqversion: -

Trust: 1.2

vendor:huaweimodel:nova 5i proscope:ltversion:9.1.1.190\(c00e190r6p2\)

Trust: 1.0

vendor:huaweimodel:nova 5scope:ltversion:9.1.1.175\(c00e170r3p2\)

Trust: 1.0

vendor:huaweimodel:nova 5scope:ltversion:9.1.1.175(c00e170r3p2)

Trust: 0.8

vendor:huaweimodel:nova 5i proscope:ltversion:9.1.1.190(c00e190r6p2)

Trust: 0.8

vendor:huaweimodel:nova 5i pro <9.1.1.190scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-45008 // JVNDB: JVNDB-2019-012598 // CNNVD: CNNVD-201911-1200 // NVD: CVE-2019-5210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5210
value: HIGH

Trust: 1.0

NVD: CVE-2019-5210
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-45008
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1200
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5210
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-45008
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5210
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5210
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-45008 // JVNDB: JVNDB-2019-012598 // CNNVD: CNNVD-201911-1200 // NVD: CVE-2019-5210

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2019-012598 // NVD: CVE-2019-5210

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1200

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012598

PATCH
title:huawei-sa-20191120-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191120-01-smartphone-en
Trust: 0.8
title:Patch for Huawei Nova 5i Pro and Nova 5 Array Subscript Check Improper Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193883
Trust: 0.6
title:Huawei Nova 5i pro  and Nova 5 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104174
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-45008 // 
            
            
            
            JVNDB: JVNDB-2019-012598 // 
            
            
            
            CNNVD: CNNVD-201911-1200

EXTERNAL IDS
db:NVDid:CVE-2019-5210
Trust: 3.0
db:JVNDBid:JVNDB-2019-012598
Trust: 0.8
db:CNVDid:CNVD-2019-45008
Trust: 0.6
db:CNNVDid:CNNVD-201911-1200
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-45008 // 
            
            
            
            JVNDB: JVNDB-2019-012598 // 
            
            
            
            CNNVD: CNNVD-201911-1200 // 
            
            
            
            NVD: CVE-2019-5210

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191120-01-smartphone-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5210
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191120-01-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5210
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-45008 // 
            
            
            
            JVNDB: JVNDB-2019-012598 // 
            
            
            
            CNNVD: CNNVD-201911-1200 // 
            
            
            
            NVD: CVE-2019-5210

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201911-1200

SOURCES
db:CNVDid:CNVD-2019-45008
db:JVNDBid:JVNDB-2019-012598
db:CNNVDid:CNNVD-201911-1200
db:NVDid:CVE-2019-5210

LAST UPDATE DATE
2024-11-23T22:58:28.907000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-45008date:2019-12-12T00:00:00
db:JVNDBid:JVNDB-2019-012598date:2019-12-09T00:00:00
db:CNNVDid:CNNVD-201911-1200date:2019-12-06T00:00:00
db:NVDid:CVE-2019-5210date:2024-11-21T04:44:31.280

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-45008date:2019-12-12T00:00:00
db:JVNDBid:JVNDB-2019-012598date:2019-12-09T00:00:00
db:CNNVDid:CNNVD-201911-1200date:2019-11-20T00:00:00
db:NVDid:CVE-2019-5210date:2019-11-29T20:15:10.800