Main Vulnerability Database SB2019060414

SB2019060414 - Man-in-the-Middle (MitM) attack in Huawei P30 Pro

Published: June 4, 2019 Updated: September 30, 2019

Security Bulletin ID SB2019060414

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2019-5215)

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear

The vulnerability allows remote attacker to perform a man-in-the-middle attack.

The vulnerability exists due to the affected software does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. When users establish connection and transfer data through Huawei Share, an attacker at adjacent network can sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data.

Remediation

Install update from vendor's website.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en