CVE-2019-5251

Published Dec 13, 2019

Last updated 5 years ago

CVSS medium 5.5

Overview

Description: There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B394D790-9589-4FC3-8B51-47B9F6E241D2",
            "versionEndExcluding": "9.1.0.333\\(c00e333r2p1t8\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76BF8190-0F8E-4BEF-81C6-FE409F6B812A",
            "versionEndExcluding": "9.1.0.226\\(c00e220r2p1\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:enjoy_7s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29CD79B3-14E0-44A4-B9DE-4C4A47449626",
            "versionEndExcluding": "9.1.0.130\\(c00e115r2p8t8\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:enjoy_7s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "40688207-579D-444D-A594-54E65069B6A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9BE6DA3-8840-4B23-8F78-632112A2B039",
            "versionEndExcluding": "9.1.0.139\\(c00e133r3p1\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6154A71C-59D9-47C0-B7CA-AC837CB70E32",
            "versionEndExcluding": "9.1.0.143\\(c636e5r1p5t8\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DA66B4F-B5D6-485B-A741-1D08C03957E0",
            "versionEndExcluding": "9.1.0.120\\(c00e113r1p6t8\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:m6_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FC9664F-3422-4630-B917-326BDC4AF0BE",
            "versionEndExcluding": "9.1.1.150\\(c00e150r1p150\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "996B603A-E8F8-408D-A204-BB0638498F9E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B40B07F3-0A6C-4102-976F-2E787311AA12",
            "versionEndExcluding": "9.1.0.226\\(c00e210r2p1\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:honor_20s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BEBB5CD-2714-4761-A0C7-D97D24D267B6",
            "versionEndExcluding": "9.1.1.132\\(c00e131r6p1\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:honor_20s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C1442135-75BB-4C2C-8BBF-354CB0978489"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD9024A1-9F5A-4953-AE7C-6AB9926C0BBB",
            "versionEndExcluding": "9.1.0.130\\(c00e112r2p10t8\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References