Sign-up

ID

VAR-201911-0825


CVE

CVE-2019-5211


TITLE

P20 Vulnerability related to input confirmation in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-012817

DESCRIPTION

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted. P20 Smartphones contain a vulnerability related to input confirmation.Information may be tampered with. Huawei P20 is a smartphone from China's Huawei company

Trust: 2.16

sources: NVD: CVE-2019-5211 // JVNDB: JVNDB-2019-012817 // CNVD: CNVD-2019-41259

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41259

AFFECTED PRODUCTS

vendor:huaweimodel:p20 <emily-l29c 9.1.0.311scope: - version: -

Trust: 2.4

vendor:huaweimodel:p20scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:p20scope:ltversion:emily-l29c_9.1.0.311\(c605e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:emily-l29c_9.1.0.311\(c461e2r1p11t8\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:emily-l29c_9.1.0.311\(c10e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:emily-l29c_9.1.0.311\(c432e7r1p11t8\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:emily-l29c 9.1.0.311

Trust: 0.8

vendor:huaweimodel:p20scope:eqversion:emily-l29c_9.1.0.311c432e7r1p11t8

Trust: 0.6

vendor:huaweimodel:p20scope:eqversion:emily-al00a_9.0.0.167c00e81r1p21t8

Trust: 0.6

vendor:huaweimodel:p20scope:eqversion:emily-l29c_9.1.0.311c10e2r1p13t8

Trust: 0.6

vendor:huaweimodel:p20scope:eqversion:emily-al00a_9.1.0.321c00e320r1p1t8

Trust: 0.6

sources: CNVD: CNVD-2019-41259 // JVNDB: JVNDB-2019-012817 // CNNVD: CNNVD-201911-771 // NVD: CVE-2019-5211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5211
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5211
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41259
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-771
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5211
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41259
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5211
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5211
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41259 // JVNDB: JVNDB-2019-012817 // CNNVD: CNNVD-201911-771 // NVD: CVE-2019-5211

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-012817 // NVD: CVE-2019-5211

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-771

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-771

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012817

PATCH
title:huawei-sa-20191113-02-shareurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en
Trust: 0.8
title:Patch for Huawei P20 file management vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/190797
Trust: 0.6
title:Huawei P20 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104680
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41259 // 
            
            
            
            JVNDB: JVNDB-2019-012817 // 
            
            
            
            CNNVD: CNNVD-201911-771

EXTERNAL IDS
db:NVDid:CVE-2019-5211
Trust: 3.0
db:JVNDBid:JVNDB-2019-012817
Trust: 0.8
db:CNVDid:CNVD-2019-41259
Trust: 0.6
db:CNNVDid:CNNVD-201911-771
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41259 // 
            
            
            
            JVNDB: JVNDB-2019-012817 // 
            
            
            
            CNNVD: CNNVD-201911-771 // 
            
            
            
            NVD: CVE-2019-5211

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5211
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191113-02-share-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5211
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-41259 // 
            
            
            
            JVNDB: JVNDB-2019-012817 // 
            
            
            
            CNNVD: CNNVD-201911-771 // 
            
            
            
            NVD: CVE-2019-5211

SOURCES
db:CNVDid:CNVD-2019-41259
db:JVNDBid:JVNDB-2019-012817
db:CNNVDid:CNNVD-201911-771
db:NVDid:CVE-2019-5211

LAST UPDATE DATE
2024-11-23T22:55:21.336000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41259date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-012817date:2019-12-13T00:00:00
db:CNNVDid:CNNVD-201911-771date:2019-12-12T00:00:00
db:NVDid:CVE-2019-5211date:2024-11-21T04:44:31.393

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41259date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-012817date:2019-12-13T00:00:00
db:CNNVDid:CNNVD-201911-771date:2019-11-13T00:00:00
db:NVDid:CVE-2019-5211date:2019-11-29T20:15:10.863