Main Vulnerability Database Vulnerabilities #VU22777

Improper access control in Huawei P20 - CVE-2019-5211

Published: November 14, 2019

Vulnerability identifier: #VU22777

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5211

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei P20

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper file management in the Share function. An attacker on adjacent network can trick the victim to perform certain operations on the mobile phone during file transfer and delete some files on the victim's mobile phone.

How to mitigate CVE-2019-5211

Install updates from vendor's website.

Product Name	Affected Version	Resolved Product and Version
P20	Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8)	Emily-L29C 9.1.0.311(C10E2R1P13T8)
	Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8)	Emily-L29C 9.1.0.311(C461E2R1P11T8)
	Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8)	Emily-L29C 9.1.0.311(C605E2R1P12T8)
	Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)	Emily-L29C 9.1.0.311(C432E7R1P11T8)

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en

Improper access control in Huawei P20 - CVE-2019-5211

Detailed vulnerability description

How to mitigate CVE-2019-5211

Sources

Please verify you're human