Lucene search

[email protected]NVD:CVE-2019-5226

HistoryNov 29, 2019 - 7:15 p.m.

CVE-2019-5226

2019-11-2919:15:12

CWE-346

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.9%

JSON

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

Affected configurations

Nvd

Node

huaweip30_firmwareRange<elle-al00b_9.1.0.193\(c00e190r2p1\)

AND

huaweip30Match-

Node

huaweip30_pro_firmwareRange<vogue-al00a_9.1.0.193\(c00e190r2p1\)

AND

huaweip30_proMatch-

Node

huaweimate_20_firmwareRange<hima-al00b_9.1.0.135\(c00e133r2p1\)

AND

huaweimate_20Match-

Node

huaweihisuite_firmwareRange<9.1.0.305

AND

huaweihisuiteMatch-

VendorProductVersionCPE
huaweip30_firmware*cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
huaweip30-cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*
huaweip30_pro_firmware*cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
huaweip30_pro-cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*
huaweimate_20_firmware*cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
huaweimate_20-cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*
huaweihisuite_firmware*cpe:2.3:o:huawei:hisuite_firmware:*:*:*:*:*:*:*:*
huaweihisuite-cpe:2.3:h:huawei:hisuite:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	p30_firmware	*	cpe:2.3:o:huawei:p30_firmware::::::::
huawei	p30	-	cpe:2.3:h:huawei:p30:-:::::::*
huawei	p30_pro_firmware	*	cpe:2.3:o:huawei:p30_pro_firmware::::::::
huawei	p30_pro	-	cpe:2.3:h:huawei:p30_pro:-:::::::*
huawei	mate_20_firmware	*	cpe:2.3:o:huawei:mate_20_firmware::::::::
huawei	mate_20	-	cpe:2.3:h:huawei:mate_20:-:::::::*
huawei	hisuite_firmware	*	cpe:2.3:o:huawei:hisuite_firmware::::::::
huawei	hisuite	-	cpe:2.3:h:huawei:hisuite:-:::::::*

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.9%

JSON

Related for NVD:CVE-2019-5226

prion1 cve1 cvelist1 huawei1