CVE-2019-5212

Published: Nov 29, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.

Affected (4)

Products: Huawei: P20 Firmware

Huawei

1 product

P20 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P20 Firmware	Before emily-l29c_9.1.0.311\(c10e2r1p13t8\)

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P20 Firmware	Before emily-l29c_9.1.0.311\(c461e2r1p11t8\)

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P20 Firmware	Before emily-l29c_9.1.0.311\(c605e2r1p12t8\)

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P20 Firmware	Before emily-l29c_9.1.0.311\(c432e7r1p11t8\)

Running on/with	Platform Versions
Huawei P20	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.