CVE-2019-5307

Published: Jun 4, 2019Modified: Nov 21, 2024

4.2

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.6 / Impact: 2.5

Source: NVD

Description

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)

Affected (2)

Products: Huawei: P30 Firmware, P30 Pro Firmware

2 products

P30 Pro Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P30 Firmware	Before ele-al00_9.1.0.162

Running on/with	Platform Versions
Huawei P30	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P30 Pro Firmware	Before vog-al00_9.1.0.162

Running on/with	Platform Versions
Huawei P30 Pro	All versions

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.