var-201911-0835
Vulnerability from variot
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information. The Huawei P20 Pro and other smartphones are all from China's Huawei. The vulnerability stems from the system's inadequate verification of the input model files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0835",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p20",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "p20 pro",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "mate rs",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "p20 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "charlotte-al00a_9.1.0.321\\(c00e320r1p1t8\\)"
},
{
"model": "p20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "emily-al00a_9.1.0.321\\(c00e320r1p1t8\\)"
},
{
"model": "mate rs",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "neo-al00d_neo-al00_9.1.0.321\\(c786e320r1p1t8\\)"
},
{
"model": "mate rs",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "neo-al00d neo-al00 9.1.0.321(c786e320r1p1t8)"
},
{
"model": "p20 pro",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "charlotte-al00a 9.1.0.321(c00e320r1p1t8)"
},
{
"model": "p20",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "emily-al00a 9.1.0.321(c00e320r1p1t8)"
},
{
"model": "mate rs \u003cneo-al00d neo-al00 9.1.0.321",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p20 \u003cemily-al00a 9.1.0.321",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p20 pro \u003ccharlotte-al00a 9.1.0.321",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p20",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "emily-al00a_9.0.0.167c00e81r1p21t8"
},
{
"model": "mate rs",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "neo-al00d_8.1.0.167c786"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_rs_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p20_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p20_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
}
]
},
"cve": "CVE-2019-5230",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5230",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-33473",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5230",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5230",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5230",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5230",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-33473",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1189",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information. The Huawei P20 Pro and other smartphones are all from China\u0027s Huawei. The vulnerability stems from the system\u0027s inadequate verification of the input model files",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5230"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNVD",
"id": "CNVD-2019-33473"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5230",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-33473",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"id": "VAR-201911-0835",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
}
],
"trust": 1.328472225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
}
]
},
"last_update_date": "2024-11-23T22:25:44.488000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190925-03-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en"
},
{
"title": "Patch for Huawei P20, P20, and Mate RS improper verification vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/182399"
},
{
"title": "Huawei P20 , P20 and Mate RS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98597"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5230"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190925-03-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"date": "2019-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"date": "2019-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"date": "2019-11-13T00:15:11.463000",
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33473"
},
{
"date": "2019-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011977"
},
{
"date": "2019-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1189"
},
{
"date": "2024-11-21T04:44:34.113000",
"db": "NVD",
"id": "CVE-2019-5230"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability related to input confirmation in smartphone products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1189"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.