CVE-2019-5263

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:huawei:hisuite::::::macos::*
	cpe:2.3:a:huawei:hisuite::::::windows::*
	cpe:2.3:a:huawei:hwbackup::::::::

History

No history.

Information

Published : 2019-11-29 20:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-5263

Mitre link : CVE-2019-5263

CVE.ORG link : CVE-2019-5263

JSON object : View

Products Affected

huawei

hwbackup
hisuite

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2019-5263", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-11-29T20:15:12.003", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."}, {"lang": "es", "value": "HiSuite con versiones 9.1.0.305 y anteriores y 9.1.0.305(MAC) y anteriores y HwBackup con versiones anteriores a 9.1.1.308, presentan una vulnerabilidad de datos de copia de seguridad encriptados por fuerza bruta. La informaci\u00f3n de la copia de seguridad del usuario del tel\u00e9fono inteligente Huawei puede ser obtenida mediante fuerza bruta de la contrase\u00f1a para cifrar la copia de seguridad."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "7D75F234-2669-42CA-A0A1-B098090311C8", "versionEndIncluding": "9.1.0.305"}, {"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C441C288-AA09-4D71-A6B2-9CD5301AE6FA", "versionEndIncluding": "9.1.0.305"}, {"criteria": "cpe:2.3:a:huawei:hwbackup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE40AA61-6819-49F0-A027-35ED2F81B89A", "versionEndIncluding": "9.1.1.308"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}