CVE-2019-5230
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
20.9%
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | p20_pro_firmware | * | cpe:2.3:o:huawei:p20_pro_firmware:*:*:*:*:*:*:*:* |
| huawei | p20_pro | - | cpe:2.3:h:huawei:p20_pro:-:*:*:*:*:*:*:* |
| huawei | p20_firmware | * | cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:* |
| huawei | p20 | - | cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:* |
| huawei | mate_rs_firmware | * | cpe:2.3:o:huawei:mate_rs_firmware:*:*:*:*:*:*:*:* |
| huawei | mate_rs | - | cpe:2.3:h:huawei:mate_rs:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
20.9%