CVE-2019-5251

Published: Dic 13, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-14856 Aliases: GSD-2019-5251
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0013
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Operating System

Enjoy 7S Firmware by Huawei

Product Information
Vendor Huawei
Product Enjoy 7S Firmware
Version Range Affected
To 9.1.0.130\(c00e115r2p8t8\) (exclusive)
cpe:2.3:o:huawei:enjoy_7s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 20S Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 20S Firmware
Version Range Affected
To 9.1.1.132\(c00e131r6p1\) (exclusive)
cpe:2.3:o:huawei:honor_20s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 9I Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 9I Firmware
Version Range Affected
To 9.1.0.120\(c00e113r1p6t8\) (exclusive)
cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 9 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 9 Lite Firmware
Version Range Affected
To 9.1.0.143\(c636e5r1p5t8\) (exclusive)
cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P30 Firmware by Huawei

Product Information
Vendor Huawei
Product P30 Firmware
Version Range Affected
To 9.1.0.226\(c00e220r2p1\) (exclusive)
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

M6 Firmware by Huawei

Product Information
Vendor Huawei
Product M6 Firmware
Version Range Affected
To 9.1.1.150\(c00e150r1p150\) (exclusive)
cpe:2.3:o:huawei:m6_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor V10 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor V10 Firmware
Version Range Affected
To 9.1.0.333\(c00e333r2p1t8\) (exclusive)
cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P30 Pro Firmware by Huawei

Product Information
Vendor Huawei
Product P30 Pro Firmware
Version Range Affected
To 9.1.0.226\(c00e210r2p1\) (exclusive)
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate 20 Firmware by Huawei

Product Information
Vendor Huawei
Product Mate 20 Firmware
Version Range Affected
To 9.1.0.139\(c00e133r3p1\) (exclusive)
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 9 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 9 Lite Firmware
Version Range Affected
To 9.1.0.130\(c00e112r2p10t8\) (exclusive)
cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.huawei.com/en/psirt/security-advisories/huawei-…
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smart…
https://www.huawei.com/en/psirt/security-advisories/huawei-…
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smart…