Vulnerability Name:

CVE-2019-5307 (CCN-161764)

Assigned:2019-05-29
Published:2019-05-29
Updated:2020-08-24
Summary:Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)
CVSS v3 Severity:4.2 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
3.7 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
3.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
3.2 Low (CCN CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-294
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-5307

Source: XF
Type: UNKNOWN
huawei-4glte-replay-attack(161764)

Source: CCN
Type: huawei-sa-20190529-01-replay
Some Huawei 4G LTE devices are exposed to a message replay vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:p30_firmware:*:*:*:*:*:*:*:* (Version < ele-al00_9.1.0.162)
  • AND
  • cpe:/h:huawei:p30:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:* (Version < vog-al00_9.1.0.162)
  • AND
  • cpe:/h:huawei:p30_pro:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei p30 firmware *
    huawei p30 -
    huawei p30 pro firmware *
    huawei p30 pro -