ID

VAR-201911-0835


CVE

CVE-2019-5230


TITLE

plural Huawei Vulnerability related to input confirmation in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011977

DESCRIPTION

P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information. The Huawei P20 Pro and other smartphones are all from China's Huawei. The vulnerability stems from the system's inadequate verification of the input model files

Trust: 2.16

sources: NVD: CVE-2019-5230 // JVNDB: JVNDB-2019-011977 // CNVD: CNVD-2019-33473

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33473

AFFECTED PRODUCTS

vendor:huaweimodel:p20scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:p20 proscope:eqversion: -

Trust: 1.2

vendor:huaweimodel:mate rsscope:eqversion: -

Trust: 1.2

vendor:huaweimodel:p20 proscope:ltversion:charlotte-al00a_9.1.0.321\(c00e320r1p1t8\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:emily-al00a_9.1.0.321\(c00e320r1p1t8\)

Trust: 1.0

vendor:huaweimodel:mate rsscope:ltversion:neo-al00d_neo-al00_9.1.0.321\(c786e320r1p1t8\)

Trust: 1.0

vendor:huaweimodel:mate rsscope:ltversion:neo-al00d neo-al00 9.1.0.321(c786e320r1p1t8)

Trust: 0.8

vendor:huaweimodel:p20 proscope:ltversion:charlotte-al00a 9.1.0.321(c00e320r1p1t8)

Trust: 0.8

vendor:huaweimodel:p20scope:ltversion:emily-al00a 9.1.0.321(c00e320r1p1t8)

Trust: 0.8

vendor:huaweimodel:mate rs <neo-al00d neo-al00 9.1.0.321scope: - version: -

Trust: 0.6

vendor:huaweimodel:p20 <emily-al00a 9.1.0.321scope: - version: -

Trust: 0.6

vendor:huaweimodel:p20 pro <charlotte-al00a 9.1.0.321scope: - version: -

Trust: 0.6

vendor:huaweimodel:p20scope:eqversion:emily-al00a_9.0.0.167c00e81r1p21t8

Trust: 0.6

vendor:huaweimodel:mate rsscope:eqversion:neo-al00d_8.1.0.167c786

Trust: 0.6

sources: CNVD: CNVD-2019-33473 // JVNDB: JVNDB-2019-011977 // CNNVD: CNNVD-201909-1189 // NVD: CVE-2019-5230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5230
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5230
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-33473
value: LOW

Trust: 0.6

CNNVD: CNNVD-201909-1189
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5230
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33473
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5230
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5230
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-33473 // JVNDB: JVNDB-2019-011977 // CNNVD: CNNVD-201909-1189 // NVD: CVE-2019-5230

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-011977 // NVD: CVE-2019-5230

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1189

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1189

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:mate_rs_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:p20_pro_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:p20_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2019-011977

PATCH

title:huawei-sa-20190925-03-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en

Trust: 0.8

title:Patch for Huawei P20, P20, and Mate RS improper verification vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182399

Trust: 0.6

title:Huawei P20 , P20 and Mate RS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98597

Trust: 0.6

sources: CNVD: CNVD-2019-33473 // JVNDB: JVNDB-2019-011977 // CNNVD: CNNVD-201909-1189

EXTERNAL IDS

db:NVDid:CVE-2019-5230

Trust: 3.0

db:JVNDBid:JVNDB-2019-011977

Trust: 0.8

db:CNVDid:CNVD-2019-33473

Trust: 0.6

db:CNNVDid:CNNVD-201909-1189

Trust: 0.6

sources: CNVD: CNVD-2019-33473 // JVNDB: JVNDB-2019-011977 // CNNVD: CNNVD-201909-1189 // NVD: CVE-2019-5230

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5230

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190925-03-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5230

Trust: 0.8

sources: CNVD: CNVD-2019-33473 // JVNDB: JVNDB-2019-011977 // CNNVD: CNNVD-201909-1189 // NVD: CVE-2019-5230

SOURCES

db:CNVDid:CNVD-2019-33473
db:JVNDBid:JVNDB-2019-011977
db:CNNVDid:CNNVD-201909-1189
db:NVDid:CVE-2019-5230

LAST UPDATE DATE

2024-11-23T22:25:44.488000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33473date:2019-09-27T00:00:00
db:JVNDBid:JVNDB-2019-011977date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201909-1189date:2019-11-18T00:00:00
db:NVDid:CVE-2019-5230date:2024-11-21T04:44:34.113

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33473date:2019-09-27T00:00:00
db:JVNDBid:JVNDB-2019-011977date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201909-1189date:2019-09-25T00:00:00
db:NVDid:CVE-2019-5230date:2019-11-13T00:15:11.463