CVE-2019-5279

Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-02-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-13 14:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-5279

Mitre link : CVE-2019-5279

CVE.ORG link : CVE-2019-5279

JSON object : View

Products Affected

huawei

emily-l29c
emily-l29c_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-5279", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-11-13T14:15:10.397", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes Huawei Emily-L29C con versiones anteriores a 9.1.0.311(C10E2R1P13T8), versiones anteriores a 9.1.0.311(C461E2R1P11T8), versiones anteriores a 9.1.0.316(C635E2R1P11T8), versiones anteriores a 9.1.0.311(C185E2R1P12T8), versiones anteriores 9.1.0.311(C605E2R1P12T8), las versiones anteriores a 9.1.0.311(C636E7R1P13T8), presentan una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante enga\u00f1a al usuario para que instale una aplicaci\u00f3n maliciosa, que puede copiar archivos espec\u00edficos a la tarjeta sd, lo que resulta en un filtrado de informaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D55B913-F172-476C-B65E-59B9A1A64E61", "versionEndExcluding": "9.1.0.311\\(c10e2r1p13t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9356FA3A-1DCE-4382-BDE5-B6FBBD294352", "versionEndExcluding": "9.1.0.311\\(c461e2r1p11t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AA25466-8B46-40DE-84A3-62F11604199E", "versionEndExcluding": "9.1.0.316\\(c635e2r1p11t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52181D05-015A-4ADB-B81F-3EAFAD864B30", "versionEndExcluding": "9.1.0.311\\(c185e2r1p12t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D691689C-4EA7-4C2B-82FF-EBF7E1914C2B", "versionEndExcluding": "9.1.0.311\\(c605e2r1p12t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1ED8852-7D46-493C-9A4B-0D267C4AF7A9", "versionEndExcluding": "9.1.0.311\\(c636e7r1p13t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}