Sign-up

ID

VAR-201912-0061


CVE

CVE-2019-5260


TITLE

HUAWEI Y9 2019 and Honor View 20 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013171

DESCRIPTION

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot. HUAWEI Y9 2019 and Honor View 20 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 2.16

sources: NVD: CVE-2019-5260 // JVNDB: JVNDB-2019-013171 // CNVD: CNVD-2019-47202

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-47202

AFFECTED PRODUCTS

vendor:huaweimodel:honor view 9.0.1.170scope:eqversion:20

Trust: 1.2

vendor:huaweimodel:y9 2019scope:eqversion:8.2.0.163\(c605\)

Trust: 1.0

vendor:huaweimodel:view 20scope:eqversion:9.0.1.169\(c636e1r4p1\)

Trust: 1.0

vendor:huaweimodel:y9 2019scope:eqversion:8.2.0.160\(c185r2p2\)

Trust: 1.0

vendor:huaweimodel:view 20scope:eqversion:9.0.1.170\(c185e2r3p1\)

Trust: 1.0

vendor:huaweimodel:y9 2019scope:eqversion:8.2.0.162\(c605\)

Trust: 1.0

vendor:huaweimodel:view 20scope:eqversion:9.0.1.170\(c432e1r3p1\)

Trust: 1.0

vendor:huaweimodel:view 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:y9 2019scope: - version: -

Trust: 0.8

vendor:huaweimodel:y9 8.2.0.160scope:eqversion:2019

Trust: 0.6

vendor:huaweimodel:y9 8.2.0.162scope:eqversion:2019

Trust: 0.6

vendor:huaweimodel:y9 8.2.0.163scope:eqversion:2019

Trust: 0.6

vendor:huaweimodel:honor view 9.0.1.169scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2019-47202 // JVNDB: JVNDB-2019-013171 // NVD: CVE-2019-5260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5260
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5260
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-47202
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-562
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5260
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-47202
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5260
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5260
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-47202 // JVNDB: JVNDB-2019-013171 // CNNVD: CNNVD-201912-562 // NVD: CVE-2019-5260

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013171 // NVD: CVE-2019-5260

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201912-562

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-562

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013171

PATCH
title:huawei-sa-20190911-01-mobileurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en
Trust: 0.8
title:Patch for Huawei Y9 2019 and Honor View 20 denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/195479
Trust: 0.6
title:Huawei Y9 2019  and Honor View 20 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105655
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-47202 // 
            
            
            
            JVNDB: JVNDB-2019-013171 // 
            
            
            
            CNNVD: CNNVD-201912-562

EXTERNAL IDS
db:NVDid:CVE-2019-5260
Trust: 3.0
db:JVNDBid:JVNDB-2019-013171
Trust: 0.8
db:CNVDid:CNVD-2019-47202
Trust: 0.6
db:CNNVDid:CNNVD-201912-562
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-47202 // 
            
            
            
            JVNDB: JVNDB-2019-013171 // 
            
            
            
            CNNVD: CNNVD-201912-562 // 
            
            
            
            NVD: CVE-2019-5260

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5260
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190911-01-mobile-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5260
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-47202 // 
            
            
            
            JVNDB: JVNDB-2019-013171 // 
            
            
            
            CNNVD: CNNVD-201912-562 // 
            
            
            
            NVD: CVE-2019-5260

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-562

SOURCES
db:CNVDid:CNVD-2019-47202
db:JVNDBid:JVNDB-2019-013171
db:CNNVDid:CNNVD-201912-562
db:NVDid:CVE-2019-5260

LAST UPDATE DATE
2024-11-23T22:41:17.416000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-47202date:2019-12-27T00:00:00
db:JVNDBid:JVNDB-2019-013171date:2019-12-20T00:00:00
db:CNNVDid:CNNVD-201912-562date:2020-06-18T00:00:00
db:NVDid:CVE-2019-5260date:2024-11-21T04:44:37.783

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-47202date:2019-12-27T00:00:00
db:JVNDBid:JVNDB-2019-013171date:2019-12-20T00:00:00
db:CNNVDid:CNNVD-201912-562date:2019-12-11T00:00:00
db:NVDid:CVE-2019-5260date:2019-12-13T22:15:11.687