Man-in-the-Middle (MitM) attack in P30 Pro and P30 - CVE-2019-5215

 


Published: September 30, 2019


Vulnerability identifier: #VU21449
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2019-5215
CWE-ID: CWE-300
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
P30 Pro
P30

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a man-in-the-middle attack.

The vulnerability exists because the affected software does not adequately ensure the integrity of the channel, which allows the channel to be accessed or influenced by an actor that is not an endpoint. When users establish a connection and transfer data through Huawei Share, an attacker on an adjacent network can sniff, spoof, and perform a series of operations to intrude on the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper with the data.

How to mitigate CVE-2019-5215

Install updates from the vendor's website.
