Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-5251 |
CWE-ID | CWE-22 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Huawei Honor V10 Client/Desktop applications / Multimedia software P30 Client/Desktop applications / Multimedia software Huawei Enjoy 7S Client/Desktop applications / Multimedia software Huawei Mate 20 Client/Desktop applications / Multimedia software Huawei Honor 9 Lite Client/Desktop applications / Multimedia software Huawei Honor 9i Client/Desktop applications / Multimedia software Huawei M6 Client/Desktop applications / Multimedia software P30 Pro Client/Desktop applications / Multimedia software Huawei Honor 20s Client/Desktop applications / Multimedia software |
Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU23412
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5251
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A local attacker can trick the victim to install, backup up and restore a malicious application and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Honor V10: before 9.1.0.333
P30: before 9.1.0.226
Huawei Enjoy 7S: before 9.1.0.226
Huawei Mate 20: before 9.1.0.139
Huawei Honor 9 Lite: before 9.1.0.143
Huawei Honor 9i: before 9.1.0.120
Huawei M6: before 9.1.1.150
P30 Pro: before 9.1.0.226
Huawei Honor 20s: before 9.1.1.132
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.