CVE-2019-5230

Published: Nov 13, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information.

Affected (3)

Products: Huawei: P20 Pro Firmware, P20 Firmware, Mate Rs Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P20 Pro Firmware	Before charlotte-al00a_9.1.0.321\(c00e320r1p1t8\)

Running on/with	Platform Versions
Huawei P20 Pro	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P20 Firmware	Before emily-al00a_9.1.0.321\(c00e320r1p1t8\)

Running on/with	Platform Versions
Huawei P20	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate Rs Firmware	Before neo-al00d_neo-al00_9.1.0.321\(c786e320r1p1t8\)

Running on/with	Platform Versions
Huawei Mate Rs	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.