Sign-up

ID

VAR-201911-0829


CVE

CVE-2019-5224


TITLE

P30 Smartphone out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012818

DESCRIPTION

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and information disclosure. The Huawei P30 is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5224 // JVNDB: JVNDB-2019-012818 // CNVD: CNVD-2019-33607

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33607

AFFECTED PRODUCTS

vendor:huaweimodel:p30scope:ltversion:elle-al00b_9.1.0.193\(c00e190r1p21\)

Trust: 1.0

vendor:huaweimodel:p30scope:ltversion:elle-al00b 9.1.0.193(c00e190r1p21)

Trust: 0.8

vendor:huaweimodel:p30 <elle-al00b 9.1.0.193scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-33607 // JVNDB: JVNDB-2019-012818 // NVD: CVE-2019-5224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5224
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5224
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-33607
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-1740
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5224
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33607
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5224
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5224
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-33607 // JVNDB: JVNDB-2019-012818 // CNNVD: CNNVD-201908-1740 // NVD: CVE-2019-5224

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-012818 // NVD: CVE-2019-5224

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1740

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1740

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012818

PATCH
title:huawei-sa-20190821-03-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-03-smartphone-en
Trust: 0.8
title:Patch for Huawei P30 read out of bounds vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182797
Trust: 0.6
title:Huawei P30 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97324
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33607 // 
            
            
            
            JVNDB: JVNDB-2019-012818 // 
            
            
            
            CNNVD: CNNVD-201908-1740

EXTERNAL IDS
db:NVDid:CVE-2019-5224
Trust: 3.0
db:JVNDBid:JVNDB-2019-012818
Trust: 0.8
db:CNVDid:CNVD-2019-33607
Trust: 0.6
db:CNNVDid:CNNVD-201908-1740
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33607 // 
            
            
            
            JVNDB: JVNDB-2019-012818 // 
            
            
            
            CNNVD: CNNVD-201908-1740 // 
            
            
            
            NVD: CVE-2019-5224

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-03-smartphone-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5224
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190821-03-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5224
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-33607 // 
            
            
            
            JVNDB: JVNDB-2019-012818 // 
            
            
            
            CNNVD: CNNVD-201908-1740 // 
            
            
            
            NVD: CVE-2019-5224

CREDITS
The vulnerability was discovered by an external researcher.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1740

SOURCES
db:CNVDid:CNVD-2019-33607
db:JVNDBid:JVNDB-2019-012818
db:CNNVDid:CNNVD-201908-1740
db:NVDid:CVE-2019-5224

LAST UPDATE DATE
2024-11-23T22:33:39.539000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-33607date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-012818date:2019-12-13T00:00:00
db:CNNVDid:CNNVD-201908-1740date:2019-12-12T00:00:00
db:NVDid:CVE-2019-5224date:2024-11-21T04:44:33.387

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-33607date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-012818date:2019-12-13T00:00:00
db:CNNVDid:CNNVD-201908-1740date:2019-08-21T00:00:00
db:NVDid:CVE-2019-5224date:2019-11-29T20:15:11.097