CVE-2019-5301

{"id": "CVE-2019-5301", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2019-08-08T17:15:11.580", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-mobile-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-mobile-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information."}, {"lang": "es", "value": "Huawei smart phones Honor V20 en versiones anteriores a 9.0.1.161 (C00E161R2P2) tienen una vulnerabilidad de fuga de informaci\u00f3n. Un atacante puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa. Debido al error de codificaci\u00f3n durante el procesamiento de la informaci\u00f3n de la capa, los atacantes pueden aprovechar esta vulnerabilidad para obtener informaci\u00f3n de la capa."}], "lastModified": "2024-11-21T04:44:42.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5DCB18E-3E76-4284-9EBB-D04258A01DAE", "versionEndExcluding": "9.0.1.161\\(c00e161r2p2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_v20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FF332D5-0799-487A-970B-E0FB7435207D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}