Vulnerability Name:

CVE-2019-5225 (CCN-165789)

Assigned:2019-08-21
Published:2019-08-21
Updated:2019-12-06
Summary:P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-120
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-5225

Source: XF
Type: UNKNOWN
huawei-cve20195225-bo(165789)

Source: CCN
Type: huawei-sa-20190821-02-smartphone
Buffer Overflow Vulnerability on Several Smartphones

Source: CONFIRM
Type: Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-02-smartphone-en

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:p30_firmware:*:*:*:*:*:*:*:* (Version < elle-al00b_9.1.0.193(c00e190r1p21))
  • AND
  • cpe:/h:huawei:p30:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:mate_20_firmware:*:*:*:*:*:*:*:* (Version < hima-al00b_9.1.0.135(c00e200r2p1))
  • AND
  • cpe:/h:huawei:mate_20:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:* (Version < vogue-al00a_9.1.0.193(c00e190r1p12))
  • AND
  • cpe:/h:huawei:p30_pro:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:huawei:p30:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:p30_pro:-:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:mate_20:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei p30 firmware *
    huawei p30 -
    huawei mate 20 firmware *
    huawei mate 20 -
    huawei p30 pro firmware *
    huawei p30 pro -
    huawei p30 -
    huawei p30 pro -
    huawei mate 20 -