CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
25.7%
There is a denial of service vulnerability on some Huawei smartphones. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device abnormal. (Vulnerability ID: HWPSIRT-2019-05096)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5260.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | alp-al00b_firmware | 8.0.0.153 | cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | alp-l09_firmware | 8.0.0.153 | cpe:2.3:o:huawei:alp-l09_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | alp-l29_firmware | 8.0.0.145 | cpe:2.3:o:huawei:alp-l29_firmware:8.0.0.145:*:*:*:*:*:*:* |
huawei | bla-al00b_firmware | 8.0.0.153 | cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.153:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.140 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.140:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.158 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.158:*:*:*:*:*:*:* |
huawei | berkeley-al20_firmware | 8.0.0.204 | cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.204:*:*:*:*:*:*:* |
huawei | berkeley-l09_firmware | 8.0.0.172 | cpe:2.3:o:huawei:berkeley-l09_firmware:8.0.0.172:*:*:*:*:*:*:* |
huawei | berkeley-l09_firmware | 8.0.0.173 | cpe:2.3:o:huawei:berkeley-l09_firmware:8.0.0.173:*:*:*:*:*:*:* |
huawei | charlotte-l09c_firmware | 8.1.0.156 | cpe:2.3:o:huawei:charlotte-l09c_firmware:8.1.0.156:*:*:*:*:*:*:* |
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
25.7%