fkie_cve-2019-5211
Vulnerability from fkie_nvd
Published
2019-11-29 20:15
Modified
2024-11-21 04:44
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-enVendor Advisory
Impacted products
Vendor Product Version
huawei p20_firmware *
huawei p20 -
huawei p20_firmware *
huawei p20 -
huawei p20_firmware *
huawei p20 -
huawei p20_firmware *
huawei p20 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "090E3CA9-AB5E-47CC-A23D-A533FD4ACB85",
              "versionEndExcluding": "emily-l29c_9.1.0.311\\(c10e2r1p13t8\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE26A16D-571F-4433-B62B-80EDCEDC0279",
              "versionEndExcluding": "emily-l29c_9.1.0.311\\(c461e2r1p11t8\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AEAA325-0964-4A89-BEE0-A4A4035486BD",
              "versionEndExcluding": "emily-l29c_9.1.0.311\\(c605e2r1p12t8\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECB5304-84C8-49C9-ABE8-63D6C0A9CEFA",
              "versionEndExcluding": "emily-l29c_9.1.0.311\\(c432e7r1p11t8\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim\u0027s mobile phone are deleted."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Huawei Share de los tel\u00e9fonos P20 con versiones anteriores a Emily-L29C 9.1.0.311, presenta una vulnerabilidad de administraci\u00f3n de archivos inapropiada. El atacante enga\u00f1a a la v\u00edctima para que realice determinadas operaciones en el tel\u00e9fono m\u00f3vil durante la transferencia de archivos. Debido a que el archivo no es procesado apropiadamente, una explotaci\u00f3n con \u00e9xito puede causar que algunos archivos en el tel\u00e9fono m\u00f3vil de la v\u00edctima sean eliminados."
    }
  ],
  "id": "CVE-2019-5211",
  "lastModified": "2024-11-21T04:44:31.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-29T20:15:10.863",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.