ID

VAR-201911-0831


CVE

CVE-2019-5226


TITLE

Vulnerability related to input validation in multiple Huawei smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-012738

DESCRIPTION

P30, P30 Pro, and Mate 20 smartphones with software versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), and earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), and HiSuite versions earlier than HiSuite 9.1.0.305, have a version downgrade vulnerability. The device and the HiSuite software do not sufficiently validate the upgrade package, so the smartphone's system can be downgraded to an older version. Huawei P30 and the other listed devices are products of Huawei (China). The Huawei P30 and the Huawei P30 Pro are smartphones. Huawei HiSuite is a mobile assistant application for the PC. There are security vulnerabilities in various Huawei products.

Trust: 2.16

sources: NVD: CVE-2019-5226 // JVNDB: JVNDB-2019-012738 // CNVD: CNVD-2019-30710

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-30710

AFFECTED PRODUCTS

vendor: huawei model: hisuite scope: lt version: 9.1.0.305

Trust: 1.6

vendor: huawei model: p30 scope: lt version: elle-al00b_9.1.0.193\(c00e190r2p1\)

Trust: 1.0

vendor: huawei model: p30 pro scope: lt version: vogue-al00a_9.1.0.193\(c00e190r2p1\)

Trust: 1.0

vendor: huawei model: mate 20 scope: lt version: hima-al00b_9.1.0.135\(c00e133r2p1\)

Trust: 1.0

vendor: huawei model: hisuite scope: - version: -

Trust: 0.8

vendor: huawei model: mate 20 scope: - version: -

Trust: 0.8

vendor: huawei model: p30 pro scope: - version: -

Trust: 0.8

vendor: huawei model: p30 scope: - version: -

Trust: 0.8

vendor: huawei model: p30 <elle-al00b 9.1.0.193 scope: - version: -

Trust: 0.6

vendor: huawei model: p30 pro <vogue-al00a 9.1.0.193 scope: - version: -

Trust: 0.6

vendor: huawei model: mate <hima-al00b 9.1.0.135 scope: eq version: 20x

Trust: 0.6

sources: CNVD: CNVD-2019-30710 // JVNDB: JVNDB-2019-012738 // NVD: CVE-2019-5226

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-5226
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5226
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-30710
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-205
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-5226
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-30710
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-5226
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5226
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-30710 // JVNDB: JVNDB-2019-012738 // CNNVD: CNNVD-201909-205 // NVD: CVE-2019-5226

PROBLEMTYPE DATA

problemtype: CWE-346

Trust: 1.0

problemtype: CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-012738 // NVD: CVE-2019-5226

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-205

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-205

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012738

PATCH

title: huawei-sa-20190904-01-smartphone url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en

Trust: 0.8

title: Patches for multiple Huawei product version downgrade vulnerabilities url: https://www.cnvd.org.cn/patchInfo/show/179199

Trust: 0.6

title: Multiple Huawei Product security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97962

Trust: 0.6

sources: CNVD: CNVD-2019-30710 // JVNDB: JVNDB-2019-012738 // CNNVD: CNNVD-201909-205

EXTERNAL IDS

db: NVD id: CVE-2019-5226

Trust: 3.0

db: JVNDB id: JVNDB-2019-012738

Trust: 0.8

db: CNVD id: CNVD-2019-30710

Trust: 0.6

db: NSFOCUS id: 44306

Trust: 0.6

db: CNNVD id: CNNVD-201909-205

Trust: 0.6

sources: CNVD: CNVD-2019-30710 // JVNDB: JVNDB-2019-012738 // CNNVD: CNNVD-201909-205 // NVD: CVE-2019-5226

REFERENCES

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-5226

Trust: 1.4

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190904-01-smartphone-cn

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5226

Trust: 0.8

url: http://www.nsfocus.net/vulndb/44306

Trust: 0.6

sources: CNVD: CNVD-2019-30710 // JVNDB: JVNDB-2019-012738 // CNNVD: CNNVD-201909-205 // NVD: CVE-2019-5226

CREDITS

vendor

Trust: 0.6

sources: CNNVD: CNNVD-201909-205

SOURCES

db: CNVD id: CNVD-2019-30710
db: JVNDB id: JVNDB-2019-012738
db: CNNVD id: CNNVD-201909-205
db: NVD id: CVE-2019-5226

LAST UPDATE DATE

2024-11-23T22:05:56.725000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2019-30710 date: 2019-09-06T00:00:00
db: JVNDB id: JVNDB-2019-012738 date: 2019-12-11T00:00:00
db: CNNVD id: CNNVD-201909-205 date: 2019-12-12T00:00:00
db: NVD id: CVE-2019-5226 date: 2024-11-21T04:44:33.630

SOURCES RELEASE DATE

db: CNVD id: CNVD-2019-30710 date: 2019-09-06T00:00:00
db: JVNDB id: JVNDB-2019-012738 date: 2019-12-11T00:00:00
db: CNNVD id: CNNVD-201909-205 date: 2019-09-04T00:00:00
db: NVD id: CVE-2019-5226 date: 2019-11-29T19:15:12.057