ID

VAR-201912-0803


CVE

CVE-2019-5251


TITLE

plural Huawei Vulnerability of past traversal in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013191

DESCRIPTION

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure. plural Huawei Smartphone products contain a paste traversal vulnerability.Information may be obtained. Huawei P30 and other products are products of China's Huawei. The Huawei P30 is a smartphone. Huawei P30 Pro is a smartphone. Huawei M6 is a tablet. The vulnerability stems from the system's failure to adequately verify the path name from an application. information

Trust: 2.16

sources: NVD: CVE-2019-5251 // JVNDB: JVNDB-2019-013191 // CNVD: CNVD-2020-02966

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02966

AFFECTED PRODUCTS

vendor:huaweimodel:enjoy 7sscope:ltversion:9.1.0.130\(c00e115r2p8t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.1.0.333\(c00e333r2p1t8\)

Trust: 1.0

vendor:huaweimodel:m6scope:ltversion:9.1.1.150\(c00e150r1p150\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:ltversion:9.1.0.139\(c00e133r3p1\)

Trust: 1.0

vendor:huaweimodel:p30 proscope:ltversion:9.1.0.226\(c00e210r2p1\)

Trust: 1.0

vendor:huaweimodel:p30scope:ltversion:9.1.0.226\(c00e220r2p1\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.143\(c636e5r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 9iscope:ltversion:9.1.0.120\(c00e113r1p6t8\)

Trust: 1.0

vendor:huaweimodel:honor 20sscope:ltversion:9.1.1.132\(c00e131r6p1\)

Trust: 1.0

vendor:huaweimodel:honor 9 litescope:ltversion:9.1.0.130\(c00e112r2p10t8\)

Trust: 1.0

vendor:huaweimodel:enjoy 7sscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 20sscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9iscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 10scope: - version: -

Trust: 0.8

vendor:huaweimodel:m6scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 20scope: - version: -

Trust: 0.8

vendor:huaweimodel:p30 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:p30scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor <9.1.0.333scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:p30 <9.1.0.226scope: - version: -

Trust: 0.6

vendor:huaweimodel:enjoy 7sscope:ltversion:9.1.0.130

Trust: 0.6

vendor:huaweimodel:mate <9.1.0.139scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:honor lite <9.1.0.130scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:honor lite <9.1.0.143scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:honor 9i <9.1.0.120scope: - version: -

Trust: 0.6

vendor:ibabymodel:m6 <9.1.1.150scope: - version: -

Trust: 0.6

vendor:huaweimodel:p30 pro <9.1.0.226scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor 20s <9.1.1.132scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-02966 // JVNDB: JVNDB-2019-013191 // NVD: CVE-2019-5251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5251
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5251
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02966
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-175
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5251
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02966
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5251
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5251
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02966 // JVNDB: JVNDB-2019-013191 // CNNVD: CNNVD-201912-175 // NVD: CVE-2019-5251

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2019-013191 // NVD: CVE-2019-5251

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-175

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201912-175

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013191

PATCH

title:huawei-sa-20191204-03-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en

Trust: 0.8

title:Patch for Multiple Huawei Product Path Traversal Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/197281

Trust: 0.6

title:Multiple Huawei Product path traversal vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103979

Trust: 0.6

sources: CNVD: CNVD-2020-02966 // JVNDB: JVNDB-2019-013191 // CNNVD: CNNVD-201912-175

EXTERNAL IDS

db:NVDid:CVE-2019-5251

Trust: 3.0

db:JVNDBid:JVNDB-2019-013191

Trust: 0.8

db:CNVDid:CNVD-2020-02966

Trust: 0.6

db:CNNVDid:CNNVD-201912-175

Trust: 0.6

sources: CNVD: CNVD-2020-02966 // JVNDB: JVNDB-2019-013191 // CNNVD: CNNVD-201912-175 // NVD: CVE-2019-5251

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-5251

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5251

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2020-02966 // JVNDB: JVNDB-2019-013191 // CNNVD: CNNVD-201912-175 // NVD: CVE-2019-5251

CREDITS

The vulnerability was discovered by an external researcher. Huawei thanks the researcher for cooperating with us to disclose the vulnerability to protect Huawei's customers.

Trust: 0.6

sources: CNNVD: CNNVD-201912-175

SOURCES

db:CNVDid:CNVD-2020-02966
db:JVNDBid:JVNDB-2019-013191
db:CNNVDid:CNNVD-201912-175
db:NVDid:CVE-2019-5251

LAST UPDATE DATE

2024-11-23T23:11:36.711000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-02966date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013191date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-175date:2020-09-03T00:00:00
db:NVDid:CVE-2019-5251date:2024-11-21T04:44:36.387

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-02966date:2020-01-20T00:00:00
db:JVNDBid:JVNDB-2019-013191date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-175date:2019-12-04T00:00:00
db:NVDid:CVE-2019-5251date:2019-12-13T15:15:11.317