Details of VAR-201911-0834

ID

VAR-201911-0834

CVE

CVE-2019-5229

TITLE

P30 Vulnerability related to insufficient verification of data reliability on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-011976

DESCRIPTION

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. P30 Smartphones are vulnerable to insufficient validation of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei P30 is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5229 // JVNDB: JVNDB-2019-011976 // CNVD: CNVD-2019-33472

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33472

AFFECTED PRODUCTS

vendor:	huawei	model:	p30	scope:	eq	version:	-	Trust: 1.2
vendor:	huawei	model:	p30	scope:	lt	version:	elle-al00b_9.1.0.193\(c00e190r2p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	elle-al00b 9.1.0.193(c00e190r2p1)	Trust: 0.8
vendor:	huawei	model:	p30 <elle-al00b 9.1.0.193	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.193c00e190r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	elle-al00b_9.1.0.186c00e180r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	elle-al00b_9.1.0.193c00e190r1p21	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.226c00e220r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.166c00e66r1p11	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.173c00e73r1p11	Trust: 0.6

sources: CNVD: CNVD-2019-33472 // JVNDB: JVNDB-2019-011976 // CNNVD: CNNVD-201909-1192 // NVD: CVE-2019-5229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5229
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5229
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-33472
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201909-1192
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5229
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33472
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5229
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5229
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-33472 // JVNDB: JVNDB-2019-011976 // CNNVD: CNNVD-201909-1192 // NVD: CVE-2019-5229

PROBLEMTYPE DATA

problemtype:

CWE-345

Trust: 1.8

sources: JVNDB: JVNDB-2019-011976 // NVD: CVE-2019-5229

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201909-1192

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011976

PATCH

title:	huawei-sa-20190925-02-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-02-smartphone-en	Trust: 0.8
title:	Patch for Huawei P30 Insufficient Verification Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/182403	Trust: 0.6
title:	Huawei P30 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98599	Trust: 0.6

sources: CNVD: CNVD-2019-33472 // JVNDB: JVNDB-2019-011976 // CNNVD: CNNVD-201909-1192

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5229	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011976	Trust: 0.8
db:	CNVD	id:	CNVD-2019-33472	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-1192	Trust: 0.6

sources: CNVD: CNVD-2019-33472 // JVNDB: JVNDB-2019-011976 // CNNVD: CNNVD-201909-1192 // NVD: CVE-2019-5229

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-02-smartphone-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5229	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190925-02-smartphone-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5229	Trust: 0.8

sources: CNVD: CNVD-2019-33472 // JVNDB: JVNDB-2019-011976 // CNNVD: CNNVD-201909-1192 // NVD: CVE-2019-5229

SOURCES

db:	CNVD	id:	CNVD-2019-33472
db:	JVNDB	id:	JVNDB-2019-011976
db:	CNNVD	id:	CNNVD-201909-1192
db:	NVD	id:	CVE-2019-5229

LAST UPDATE DATE

2024-11-23T22:37:36.323000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33472	date:	2019-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-011976	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201909-1192	date:	2019-11-18T00:00:00
db:	NVD	id:	CVE-2019-5229	date:	2024-11-21T04:44:33.997

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33472	date:	2019-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-011976	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201909-1192	date:	2019-09-25T00:00:00
db:	NVD	id:	CVE-2019-5229	date:	2019-11-12T23:15:10.347