Lucene search

Huawei TechnologiesHUAWEI-SA-20191204-03-SMARTPHONE

HistoryDec 04, 2019 - 12:00 a.m.

Security Advisory - Path Traversal Vulnerability in Several Smartphones

2019-12-0400:00:00

Huawei Technologies

www.huawei.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

38.6%

JSON

There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname from the application, an attacker should trick the user into installing, backing up and restoring a malicious application, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2019-06112)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5251.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en

Affected configurations

Vulners

Node

huaweiwarsaw-al00Range<9.1.0.126

huaweibla-l29cRange<9.1.0.321

huaweibla-l29cRange<9.1.0.325

huaweibla-l29cRange<9.1.0.341

huaweibla-l29cRange<9.1.0.345

huaweibla-l29cRange<9.1.0.346

huaweibla-tl00bRange<9.1.0.333

huaweiwarsaw-al00Range<9.1.0.333

huaweiberkeley-al20Range<9.1.0.333

huaweiberkeley-l09Range<9.1.0.350

huaweiberkeley-l09Range<9.1.0.351

huaweiberkeley-tl10Range<9.1.0.333

huaweiever-l29bRange<10.0.0.183

huaweiever-l29bRange<10.0.0.184

huaweifigo-al10bRange<9.1.0.130

huaweifigo-l23Range<9.1.0.137

huaweifigo-l31Range<9.1.0.137

huaweifigo-l31Range<9.1.0.142

huaweifigo-l31Range<9.1.0.151

huaweifigo-tl10bRange<9.1.0.130

huaweiflorida-al20bRange<9.1.0.136

huaweiflorida-l21Range<9.1.0.139

huaweiflorida-l21Range<9.1.0.143

huaweiflorida-l22Range<9.1.0.143

huaweiflorida-l23Range<9.1.0.144

huaweiflorida-tl10bRange<9.1.0.136

huaweihonor_20Range<9.1.0.149

huaweihonor_20Range<9.1.0.170

huaweihonor_20Range<9.1.0.171

huaweihonor_20Range<9.1.0.172

huaweihonor_20Range<9.1.0.139

huaweimate_9_proRange<10.0.0.180

huaweimate_9_proRange<10.0.0.181

huaweimate_9_proRange<10.0.0.187

huaweihonor_20Range<10.0.0.188

huaweipc_smart_full_sceneRange<9.1.0.148

huaweihuawei_p20Range<9.1.0.246

huaweihuawei_p30Range<9.1.0.226

huaweihuawei_nova_2sRange<9.1.0.210

huaweihuawei_nova_3eRange<9.1.0.126

huaweihuawei_nova_3eRange<9.1.0.237

huaweihuawei_nova_3eRange<9.1.0.246

huaweihonor_view_10Range<9.0.0.240

huaweihonor_view_20Range<10.0.0.171

huaweihonor_view_20Range<10.0.0.172

huaweilaya-al00epRange<10.0.0.188

huaweivicky-al00aRange<9.1.0.130

huaweileland-l21aRange<9.1.0.143

huaweileland-l22cRange<9.1.0.143

huaweileland-l31aRange<9.1.0.134

huaweileland-l32aRange<9.1.0.139

huaweileland-l32cRange<9.1.0.139

huaweileland-l42aRange<9.1.0.139

huaweileland-l42cRange<9.1.0.139

huaweileland-tl10bRange<9.1.0.130

huaweileland-tl10cRange<9.1.0.130

huaweilelandp-al00cRange<9.1.0.120

huaweilelandp-al10bRange<9.1.0.120

huaweilelandp-al10dRange<9.1.0.120

huaweilelandp-l22aRange<9.1.0.124

huaweilelandp-l22cRange<9.1.0.139

huaweilelandp-l22dRange<9.1.0.139

huaweineo-al00dRange<10.0.0.156

huaweiprinceton-al10dRange<10.0.0.176

huaweitony-al00bRange<10.0.0.187

huaweitony-tl00bRange<10.0.0.175

huaweiyale-al50aRange<9.1.0.179

huaweiyale-al50aRange<9.1.1.132

huaweiyale-l21aRange<9.1.0.169

huaweiyale-l21aRange<9.1.0.170

huaweiyale-l21aRange<9.1.0.171

huaweiyale-tl00bRange<9.1.0.179

huaweiyalep-al10bRange<9.1.0.179

CPENameOperatorVersion
anne-al00lt9.1.0.126
bla-l29clt9.1.0.321
bla-l29clt9.1.0.325
bla-l29clt9.1.0.341
bla-l29clt9.1.0.345
bla-l29clt9.1.0.346
bla-tl00blt9.1.0.333
berkeley-al00lt9.1.0.333
berkeley-al20lt9.1.0.333
berkeley-l09lt9.1.0.350

Name	Operator	Version
anne-al00	lt	9.1.0.126
bla-l29c	lt	9.1.0.321
bla-l29c	lt	9.1.0.325
bla-l29c	lt	9.1.0.341
bla-l29c	lt	9.1.0.345
bla-l29c	lt	9.1.0.346
bla-tl00b	lt	9.1.0.333
berkeley-al00	lt	9.1.0.333
berkeley-al20	lt	9.1.0.333
berkeley-l09	lt	9.1.0.350

Rows per page:

1-10 of 931

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for HUAWEI-SA-20191204-03-SMARTPHONE