Lucene search

Huawei TechnologiesHUAWEI-SA-20190911-01-MOBILE

HistoryDec 11, 2019 - 12:00 a.m.

Security Advisory - Denial of Service Vulnerability on Some Huawei Smartphones

2019-12-1100:00:00

Huawei Technologies

www.huawei.com

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.7%

JSON

There is a denial of service vulnerability on some Huawei smartphones. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device abnormal. (Vulnerability ID: HWPSIRT-2019-05096)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5260.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en

Affected configurations

Vulners

Node

huaweialp-al00b_firmwareMatch8.0.0.153

huaweialp-l09_firmwareMatch8.0.0.153

huaweialp-l29_firmwareMatch8.0.0.145

huaweibla-al00b_firmwareMatch8.0.0.153

huaweibla-l09c_firmwareMatch8.0.0.140

huaweibla-l09c_firmwareMatch8.0.0.158

huaweiberkeley-al20_firmwareMatch8.0.0.204

huaweiberkeley-l09_firmwareMatch8.0.0.172

huaweiberkeley-l09_firmwareMatch8.0.0.173

huaweicharlotte-l09c_firmwareMatch8.1.0.156

huaweicharlotte-l09c_firmwareMatch8.1.0.157

huaweicharlotte-l09c_firmwareMatch8.1.0.161

huaweicolumbia-al10b_firmwareRange<9.1.0.333

huaweicolumbia-l29d_firmwareMatch8.1.0.146

huaweicolumbia-l29d_firmwareMatch8.1.0.148

huaweicolumbia-l29d_firmwareMatch8.1.0.151

huaweicornell-al00a_firmwareMatch8.2.0.151

huaweicornell-l29a_firmwareMatch8.2.0.131

huaweicornell-l29a_firmwareMatch8.2.0.132

huaweicornell-l29a_firmwareMatch8.2.0.133

huaweiemily-l09c_firmwareMatch8.1.0.155

huaweiemily-l09c_firmwareMatch8.1.0.156

huaweiemily-l09c_firmwareMatch8.1.0.172

huaweiemily-l29c_firmwareMatch8.1.0.154

huaweiemily-l29c_firmwareMatch8.1.0.156

huaweiemily-l29c_firmwareMatch8.1.0.159

huaweiemily-l29c_firmwareMatch8.1.0.166

huaweiever-l29b_firmwareMatch9.0.0.206

huaweiever-l29b_firmwareMatch9.0.0.207

huaweiever-l29b_firmwareMatch9.0.0.208

huaweimate_20_firmwareMatch9.0.0.200

huaweimate_20_firmwareRange<9.1.0.131

huaweimate_20_firmwareRange<9.1.0.135

huaweimate_20_pro_firmwareMatch9.0.0.245

huaweimate_20_pro_firmwareMatch9.0.0.263

huaweimate_20_pro_firmwareMatch9.0.0.267

huaweimate_20_pro_firmwareMatch9.0.0.268

huaweimate_20_pro_firmwareMatch9.0.0.269

huaweimate_20_pro_firmwareMatch9.0.0.275

huaweimate_20_pro_firmwareMatch9.0.0.278

huaweimate_20_pro_firmwareRange<9.1.0.310

huaweimate_20_pro_firmwareRange<9.1.0.311

huaweimate_20_x_firmwareMatch9.0.0.200

huaweimate_20_x_firmwareRange<9.1.0.135

huaweip_smart_2019_firmwareMatch9.0.1.178

huaweip_smart_2019_firmwareMatch9.0.1.181

huaweip_smart_2019_firmwareRange<9.1.0.263

huaweip_smart_2019_firmwareRange<9.1.0.289

huaweip20_firmwareMatch8.1.0.190

huaweip20_firmwareRange<9.1.0.321

huaweip20_pro_firmwareMatch8.1.0.176

huaweip20_pro_firmwareRange<9.1.0.333

huaweip30_firmwareMatch9.1.0.153

huaweip30_firmwareRange<9.1.0.193

huaweip30_pro_firmwareMatch9.1.0.162

huaweip30_pro_firmwareRange<9.1.0.186

huaweiy9_2019_firmwareMatch8.2.0.151

huaweiy9_2019_firmwareMatch8.2.0.152

huaweiy9_2019_firmwareMatch8.2.0.153

huaweiy9_2019_firmwareMatch8.2.0.155

huaweiy9_2019_firmwareMatch8.2.0.158

huaweiy9_2019_firmwareMatch8.2.0.160

huaweiy9_2019_firmwareMatch8.2.0.163

huaweiy9_2019_firmwareRange<9.1.0.220

huaweinova_3_firmwareMatch8.2.0.135

huaweinova_3_firmwareMatch8.2.0.181

huaweinova_3_firmwareRange<9.1.0.331

huaweinova_3_firmwareRange<9.1.0.333

huaweinova_lite_3_firmwareMatch9.0.1.178

huaweinova_lite_3_firmwareRange<9.1.0.305

huaweihonor_10_lite_firmwareMatch9.0.1.177

huaweihonor_10_lite_firmwareMatch9.0.1.181

huaweihonor_10_lite_firmwareRange<9.1.0.262

huaweihonor_8x_firmwareMatch8.2.0.101

huaweihonor_8x_firmwareMatch8.2.0.105

huaweihonor_8x_firmwareMatch8.2.0.130

huaweihonor_8x_firmwareMatch8.2.0.131

huaweihonor_8x_firmwareRange<9.1.0.217

huaweihonor_8x_firmwareRange<9.1.0.218

huaweihonor_8x_firmwareRange<9.1.0.221

huaweihonor_8x_firmwareRange<9.1.0.248

huaweihonor_view_20_firmwareMatch9.0.1.150

huaweihonor_view_20_firmwareMatch9.0.1.170

huaweihonor_view_20_firmwareRange<9.1.0.235

huaweihonor_view_20_firmwareRange<9.1.0.238

huaweijackman-l22_firmwareMatch8.2.0.156

huaweivicky-al00c_firmwareRange<9.1.0.210

huaweijohnson-tl00d_firmwareRange<9.1.0.223

huaweijohnson-tl00f_firmwareRange<9.1.0.223

huaweilaya-al00ep_firmwareRange<9.1.0.135

huaweiparis-l21b_firmwareMatch8.2.0.130

huaweiparis-l21meb_firmwareMatch8.2.0.135

huaweiparis-l29b_firmwareMatch8.2.0.137

huaweisydney-al00_firmwareMatch8.2.0.157

huaweisydney-l21_firmwareMatch8.2.0.108

huaweisydney-l21_firmwareMatch8.2.0.137

huaweisydney-l21br_firmwareMatch8.2.0.130

huaweisydney-l22_firmwareMatch8.2.0.138

huaweisydney-l22br_firmwareMatch8.2.0.133

huaweisydneym-al00_firmwareRange<9.1.0.228

huaweisydneym-l01_firmwareMatch8.2.0.132

huaweisydneym-l01_firmwareMatch8.2.0.133

huaweisydneym-l01_firmwareMatch8.2.0.143

huaweisydneym-l03_firmwareMatch8.2.0.135

huaweisydneym-l21_firmwareMatch8.2.0.134

huaweisydneym-l21_firmwareMatch8.2.0.142

huaweisydneym-l22_firmwareMatch8.2.0.132

huaweisydneym-l22_firmwareMatch8.2.0.142

huaweisydneym-l23_firmwareMatch8.2.0.134

huaweitony-al00b_firmwareRange<10.0.0.175

huaweiyale-l21a_firmwareMatch9.1.0.107

huaweihonor_8x_firmwareMatch8.2.0.175

huaweihonor_magic2_firmwareMatch9.1.0.206

VendorProductVersionCPE
huaweialp-al00b_firmware8.0.0.153cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.153:*:*:*:*:*:*:*
huaweialp-l09_firmware8.0.0.153cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.153:*:*:*:*:*:*:*
huaweialp-l29_firmware8.0.0.145cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.145:*:*:*:*:*:*:*
huaweibla-al00b_firmware8.0.0.153cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.153:*:*:*:*:*:*:*
huaweibla-l09c_firmware8.0.0.140cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.140:*:*:*:*:*:*:*
huaweibla-l09c_firmware8.0.0.158cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.158:*:*:*:*:*:*:*
huaweiberkeley-al20_firmware8.0.0.204cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.204:*:*:*:*:*:*:*
huaweiberkeley-l09_firmware8.0.0.172cpe:2.3:o:huawei:berkeley-l09_firmware:8.0.0.172:*:*:*:*:*:*:*
huaweiberkeley-l09_firmware8.0.0.173cpe:2.3:o:huawei:berkeley-l09_firmware:8.0.0.173:*:*:*:*:*:*:*
huaweicharlotte-l09c_firmware8.1.0.156cpe:2.3:o:huawei:charlotte-l09c_firmware:8.1.0.156:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	alp-al00b_firmware	8.0.0.153	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.153:::::::*
huawei	alp-l09_firmware	8.0.0.153	cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.153:::::::*
huawei	alp-l29_firmware	8.0.0.145	cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.145:::::::*
huawei	bla-al00b_firmware	8.0.0.153	cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.153:::::::*
huawei	bla-l09c_firmware	8.0.0.140	cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.140:::::::*
huawei	bla-l09c_firmware	8.0.0.158	cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.158:::::::*
huawei	berkeley-al20_firmware	8.0.0.204	cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.204:::::::*
huawei	berkeley-l09_firmware	8.0.0.172	cpe:2.3:o:huawei:berkeley-l09_firmware:8.0.0.172:::::::*
huawei	berkeley-l09_firmware	8.0.0.173	cpe:2.3:o:huawei:berkeley-l09_firmware:8.0.0.173:::::::*
huawei	charlotte-l09c_firmware	8.1.0.156	cpe:2.3:o:huawei:charlotte-l09c_firmware:8.1.0.156:::::::*

Rows per page:

1-10 of 1051

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.7%

JSON

Related for HUAWEI-SA-20190911-01-MOBILE