ID

VAR-201911-0833


CVE

CVE-2019-5228


TITLE

plural Huawei Vulnerability related to competition in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011975

DESCRIPTION

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. Huawei P30 and others are all smartphones of China's Huawei company. The vulnerability stems from the fact that the system does not lock the function

Trust: 2.16

sources: NVD: CVE-2019-5228 // JVNDB: JVNDB-2019-011975 // CNVD: CNVD-2019-41252

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41252

AFFECTED PRODUCTS

vendor:huaweimodel:p30 proscope:eqversion: -

Trust: 1.2

vendor:huaweimodel:honor v20scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:p30 proscope:ltversion:vogue-al00a_9.1.0.193\(c00e190r1p12\)

Trust: 1.0

vendor:huaweimodel:honor v20scope:ltversion:princeton-al10b_9.1.0.233\(c00e233r4p3\)

Trust: 1.0

vendor:huaweimodel:p30scope:ltversion:elle-al00b_9.1.0.193\(c00e190r1p21\)

Trust: 1.0

vendor:huaweimodel:honor v20scope:ltversion:princeton-al10b 9.1.0.233(c00e233r4p3)

Trust: 0.8

vendor:huaweimodel:p30 proscope:ltversion:vogue-al00a 9.1.0.193(c00e190r1p12)

Trust: 0.8

vendor:huaweimodel:p30scope:ltversion:elle-al00b 9.1.0.193(c00e190r1p21)

Trust: 0.8

vendor:huaweimodel:p30 <elle-al00b 9.1.0.193scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <vogue-al00a 9.1.0.193scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor <princeton-al10b 9.1.0.233scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:p30 proscope:eqversion:9.1.0.226c00e210r2p1

Trust: 0.6

vendor:huaweimodel:p30scope:eqversion:elle-al00b_9.1.0.186c00e180r2p1

Trust: 0.6

vendor:huaweimodel:honor v20scope:eqversion:9.0.1.161c00e161r2p2

Trust: 0.6

sources: CNVD: CNVD-2019-41252 // JVNDB: JVNDB-2019-011975 // CNNVD: CNNVD-201909-540 // NVD: CVE-2019-5228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5228
value: HIGH

Trust: 1.0

NVD: CVE-2019-5228
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41252
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-540
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5228
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41252
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5228
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5228
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41252 // JVNDB: JVNDB-2019-011975 // CNNVD: CNNVD-201909-540 // NVD: CVE-2019-5228

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.8

problemtype:CWE-787

Trust: 1.0

sources: JVNDB: JVNDB-2019-011975 // NVD: CVE-2019-5228

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-540

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-540

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011975

PATCH

title:huawei-sa-20190911-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en

Trust: 0.8

title:Patch for Huawei P30, Huawei P30 Pro and Honor Princeton-AL10B Conditional Competitive Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/190791

Trust: 0.6

title:Huawei P30 , Huawei P30 Pro and Honor Princeton-AL10B Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98128

Trust: 0.6

sources: CNVD: CNVD-2019-41252 // JVNDB: JVNDB-2019-011975 // CNNVD: CNNVD-201909-540

EXTERNAL IDS

db:NVDid:CVE-2019-5228

Trust: 3.0

db:JVNDBid:JVNDB-2019-011975

Trust: 0.8

db:CNVDid:CNVD-2019-41252

Trust: 0.6

db:CNNVDid:CNNVD-201909-540

Trust: 0.6

sources: CNVD: CNVD-2019-41252 // JVNDB: JVNDB-2019-011975 // CNNVD: CNNVD-201909-540 // NVD: CVE-2019-5228

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5228

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190911-01-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5228

Trust: 0.8

sources: CNVD: CNVD-2019-41252 // JVNDB: JVNDB-2019-011975 // CNNVD: CNNVD-201909-540 // NVD: CVE-2019-5228

SOURCES

db:CNVDid:CNVD-2019-41252
db:JVNDBid:JVNDB-2019-011975
db:CNNVDid:CNNVD-201909-540
db:NVDid:CVE-2019-5228

LAST UPDATE DATE

2024-11-23T23:04:35.732000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-41252date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-011975date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201909-540date:2019-11-18T00:00:00
db:NVDid:CVE-2019-5228date:2024-11-21T04:44:33.877

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-41252date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-011975date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201909-540date:2019-09-10T00:00:00
db:NVDid:CVE-2019-5228date:2019-11-12T23:15:10.223