CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
27.5%
Some Huawei mobile phones have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code. (Vulnerability ID: HWPSIRT-2019-01019)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5299.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-phone-en
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | alp-al00b_firmware | 8.0.0.153 | cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.153 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | alp-l29_firmware | 8.0.0.141 | cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.141:*:*:*:*:*:*:* |
huawei | alp-l29_firmware | 8.0.0.142 | cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.142:*:*:*:*:*:*:* |
huawei | anne-al00_firmware | 8.0.0.180 | cpe:2.3:o:huawei:anne-al00_firmware:8.0.0.180:*:*:*:*:*:*:* |
huawei | bla-al00b_firmware | 8.0.0.153 | cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.139 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.139:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.140 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.140:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.158 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.158:*:*:*:*:*:*:* |
huawei | bla-l29c_firmware | 8.0.0.145 | cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.145:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
27.5%