Sign-up

ID

VAR-201911-0832


CVE

CVE-2019-5227


TITLE

plural Huawei Vulnerability related to input confirmation in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-012739

DESCRIPTION

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Huawei P30 and others are products of China Huawei. The Huawei P30 is a smart phone. The Huawei P30 Pro is a smartphone. Huawei HiSuite is a mobile assistant application for the PC. There are security vulnerabilities in various Huawei products

Trust: 2.16

sources: NVD: CVE-2019-5227 // JVNDB: JVNDB-2019-012739 // CNVD: CNVD-2019-30711

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-30711

AFFECTED PRODUCTS

vendor:huaweimodel:hisuitescope:ltversion:9.1.0.305

Trust: 1.6

vendor:huaweimodel:p30scope:ltversion:elle-al00b_9.1.0.193\(c00e190r2p1\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:vogue-al00a_9.1.0.193\(c00e190r2p1\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:hima-al00b_9.1.0.135\(c00e133r2p1\)

Trust: 1.0

vendor:huaweimodel:hisuitescope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:p30 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:p30scope: - version: -

Trust: 0.8

vendor:huaweimodel:p30 <elle-al00b 9.1.0.193scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <vogue-al00a 9.1.0.193scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate <hima-al00b 9.1.0.135scope:eqversion:20x

Trust: 0.6

sources: CNVD: CNVD-2019-30711 // JVNDB: JVNDB-2019-012739 // NVD: CVE-2019-5227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5227
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5227
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-30711
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-199
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5227
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-30711
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5227
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5227
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-30711 // JVNDB: JVNDB-2019-012739 // CNNVD: CNNVD-201909-199 // NVD: CVE-2019-5227

PROBLEMTYPE DATA

problemtype:CWE-346

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-012739 // NVD: CVE-2019-5227

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-199

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012739

PATCH
title:huawei-sa-20190904-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en
Trust: 0.8
title:Patch for Multiple Huawei product version downgrade vulnerabilities (CNVD-2019-30711)url:https://www.cnvd.org.cn/patchInfo/show/179201
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97957
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-30711 // 
            
            
            
            JVNDB: JVNDB-2019-012739 // 
            
            
            
            CNNVD: CNNVD-201909-199

EXTERNAL IDS
db:NVDid:CVE-2019-5227
Trust: 3.0
db:JVNDBid:JVNDB-2019-012739
Trust: 0.8
db:CNVDid:CNVD-2019-30711
Trust: 0.6
db:NSFOCUSid:44307
Trust: 0.6
db:CNNVDid:CNNVD-201909-199
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-30711 // 
            
            
            
            JVNDB: JVNDB-2019-012739 // 
            
            
            
            CNNVD: CNNVD-201909-199 // 
            
            
            
            NVD: CVE-2019-5227

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5227
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190904-01-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5227
Trust: 0.8
url:http://www.nsfocus.net/vulndb/44307
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-30711 // 
            
            
            
            JVNDB: JVNDB-2019-012739 // 
            
            
            
            CNNVD: CNNVD-201909-199 // 
            
            
            
            NVD: CVE-2019-5227

CREDITS
vendor
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201909-199

SOURCES
db:CNVDid:CNVD-2019-30711
db:JVNDBid:JVNDB-2019-012739
db:CNNVDid:CNNVD-201909-199
db:NVDid:CVE-2019-5227

LAST UPDATE DATE
2024-11-23T21:59:38.357000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-30711date:2019-09-09T00:00:00
db:JVNDBid:JVNDB-2019-012739date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201909-199date:2019-12-12T00:00:00
db:NVDid:CVE-2019-5227date:2024-11-21T04:44:33.753

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-30711date:2019-09-06T00:00:00
db:JVNDBid:JVNDB-2019-012739date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201909-199date:2019-09-04T00:00:00
db:NVDid:CVE-2019-5227date:2019-11-29T20:15:11.863