← Back

CVE-2019-5227

nvd nist
Published: Nov 29, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

Affected (4)

Huawei
4 products
P30 Firmware
P30 Pro Firmware
Mate 20 Firmware
Hisuite Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P30 Firmware
Before elle-al00b_9.1.0.193\(c00e190r2p1\)
Running on/withPlatform Versions
Huawei
P30
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P30 Pro Firmware
Before vogue-al00a_9.1.0.193\(c00e190r2p1\)
Running on/withPlatform Versions
Huawei
P30 Pro
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mate 20 Firmware
Before hima-al00b_9.1.0.135\(c00e133r2p1\)
Running on/withPlatform Versions
Huawei
Mate 20
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hisuite Firmware
Before 9.1.0.305
Running on/withPlatform Versions
Huawei
Hisuite
All versions

Related CWEs

CWE-346
Origin Validation Error
The product does not properly verify that the source of data or communication is valid.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.