Lucene search

Huawei TechnologiesHUAWEI-SA-20190517-01-SHARE

HistoryMay 17, 2019 - 12:00 a.m.

Security Advisory - MITM Vulnerability on Huawei Share

2019-05-1700:00:00

Huawei Technologies

www.huawei.com

107

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.6%

JSON

There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5215.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en

Affected configurations

Vulners

Node

huaweianne-al00_firmwareRange<9.1.0.122

huaweibla-al00b_firmwareRange<9.1.0.312

huaweibla-tl00b_firmwareRange<9.1.0.321

huaweiberkeley-al20_firmwareRange<9.1.0.321

huaweiberkeley-l09_firmwareRange<9.1.0.325

huaweiberkeley-tl10_firmwareRange<9.1.0.321

huaweifigo-tl10b_firmwareRange<9.1.0.127

huaweifigo-l31_firmwareRange<9.1.0.122

huaweifigo-l31_firmwareRange<9.1.0.130

huaweifigo-tl10b_firmwareRange<9.1.0.127

huaweiflorida-al20b_firmwareRange<9.1.0.124

huaweiflorida-tl10b_firmwareRange<9.1.0.124

huaweimate_20_firmwareRange<9.1.0.131

huaweimate_20_pro_firmwareRange<9.1.0.300

huaweip30_firmwareRange<9.1.0.175

huaweip30_pro_firmwareRange<9.1.0.175

huaweinova_2s_firmwareRange<9.1.0.201

huaweinova_3e_firmwareRange<9.1.0.122

huaweilaya-al00ep_firmwareRange<9.1.0.123

huaweilaya-al00ep_firmwareRange<9.1.0.135

huaweileland-al00a_firmwareRange<9.1.0.113

huaweileland-l42c_firmwareRange<9.1.0.122

huaweileland-tl10b_firmwareRange<9.1.0.113

huaweitony-al00b_firmwareRange<9.1.0.216

VendorProductVersionCPE
huaweianne-al00_firmware*cpe:2.3:o:huawei:anne-al00_firmware:*:*:*:*:*:*:*:*
huaweibla-al00b_firmware*cpe:2.3:o:huawei:bla-al00b_firmware:*:*:*:*:*:*:*:*
huaweibla-tl00b_firmware*cpe:2.3:o:huawei:bla-tl00b_firmware:*:*:*:*:*:*:*:*
huaweiberkeley-al20_firmware*cpe:2.3:o:huawei:berkeley-al20_firmware:*:*:*:*:*:*:*:*
huaweiberkeley-l09_firmware*cpe:2.3:o:huawei:berkeley-l09_firmware:*:*:*:*:*:*:*:*
huaweiberkeley-tl10_firmware*cpe:2.3:o:huawei:berkeley-tl10_firmware:*:*:*:*:*:*:*:*
huaweifigo-tl10b_firmware*cpe:2.3:o:huawei:figo-tl10b_firmware:*:*:*:*:*:*:*:*
huaweifigo-l31_firmware*cpe:2.3:o:huawei:figo-l31_firmware:*:*:*:*:*:*:*:*
huaweiflorida-al20b_firmware*cpe:2.3:o:huawei:florida-al20b_firmware:*:*:*:*:*:*:*:*
huaweiflorida-tl10b_firmware*cpe:2.3:o:huawei:florida-tl10b_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	anne-al00_firmware	*	cpe:2.3:o:huawei:anne-al00_firmware::::::::
huawei	bla-al00b_firmware	*	cpe:2.3:o:huawei:bla-al00b_firmware::::::::
huawei	bla-tl00b_firmware	*	cpe:2.3:o:huawei:bla-tl00b_firmware::::::::
huawei	berkeley-al20_firmware	*	cpe:2.3:o:huawei:berkeley-al20_firmware::::::::
huawei	berkeley-l09_firmware	*	cpe:2.3:o:huawei:berkeley-l09_firmware::::::::
huawei	berkeley-tl10_firmware	*	cpe:2.3:o:huawei:berkeley-tl10_firmware::::::::
huawei	figo-tl10b_firmware	*	cpe:2.3:o:huawei:figo-tl10b_firmware::::::::
huawei	figo-l31_firmware	*	cpe:2.3:o:huawei:figo-l31_firmware::::::::
huawei	florida-al20b_firmware	*	cpe:2.3:o:huawei:florida-al20b_firmware::::::::
huawei	florida-tl10b_firmware	*	cpe:2.3:o:huawei:florida-tl10b_firmware::::::::

Rows per page:

1-10 of 211

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.6%

JSON

Related for HUAWEI-SA-20190517-01-SHARE