Lucene search

[email protected]NVD:CVE-2019-5229

HistoryNov 12, 2019 - 11:15 p.m.

CVE-2019-5229

2019-11-1223:15:10

CWE-345

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution.

Affected configurations

Nvd

Node

huaweip30_firmwareRange<elle-al00b_9.1.0.193\(c00e190r2p1\)

AND

huaweip30Match-

VendorProductVersionCPE
huaweip30_firmware*cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
huaweip30-cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	p30_firmware	*	cpe:2.3:o:huawei:p30_firmware::::::::
huawei	p30	-	cpe:2.3:h:huawei:p30:-:::::::*

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-02-smartphone-en

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2019-5229

prion1 cvelist1 huawei1 cve1