Lucene search

HuaweiCVE-2019-5225

HistoryNov 29, 2019 - 8:15 p.m.

CVE-2019-5225

2019-11-2920:15:11

CWE-120

huawei

web.nvd.nist.gov

cve-2019-5225

buffer overflow

vulnerability

smartphone

security

cve

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.

Affected configurations

Nvd

Vulners

Node

huaweip30_firmwareRange<elle-al00b_9.1.0.193\(c00e190r1p21\)

AND

huaweip30Match-

Node

huaweimate_20_firmwareRange<hima-al00b_9.1.0.135\(c00e200r2p1\)

AND

huaweimate_20Match-

Node

huaweip30_pro_firmwareRange<vogue-al00a_9.1.0.193\(c00e190r1p12\)

AND

huaweip30_proMatch-

VendorProductVersionCPE
huaweip30_firmware*cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
huaweip30-cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*
huaweimate_20_firmware*cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
huaweimate_20-cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*
huaweip30_pro_firmware*cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
huaweip30_pro-cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	p30_firmware	*	cpe:2.3:o:huawei:p30_firmware::::::::
huawei	p30	-	cpe:2.3:h:huawei:p30:-:::::::*
huawei	mate_20_firmware	*	cpe:2.3:o:huawei:mate_20_firmware::::::::
huawei	mate_20	-	cpe:2.3:h:huawei:mate_20:-:::::::*
huawei	p30_pro_firmware	*	cpe:2.3:o:huawei:p30_pro_firmware::::::::
huawei	p30_pro	-	cpe:2.3:h:huawei:p30_pro:-:::::::*

CNA Affected

[
  {
    "product": "P30, Mate 20, P30 Pro",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-02-smartphone-en

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

Related for CVE-2019-5225