Main Vulnerability Database Vulnerabilities #VU22778

#VU22778 Improper access control in Huawei P20 - CVE-2019-5212

Published: November 14, 2019

Vulnerability identifier: #VU22778

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5212

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Huawei P20

Software vendor:
Huawei

Description

The vulnerability allows a local attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the Huawei Share function does not properly restrict access to certain file from certain application. A local attacker can trick a victim to install a malicious application then establish a connect to the attacker through Huawei Share and disclose sensitive information on the target system.

Remediation

Install updates from vendor's website.

Product Name	Affected Version	Resolved Product and Version
P20	Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8)	Emily-L29C 9.1.0.311(C10E2R1P13T8)
	Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8)	Emily-L29C 9.1.0.311(C461E2R1P11T8)
	Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8)	Emily-L29C 9.1.0.311(C605E2R1P12T8)
	Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)	Emily-L29C 9.1.0.311(C432E7R1P11T8)

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en

#VU22778 Improper access control in Huawei P20 - CVE-2019-5212

Description

Remediation

External links

Please verify you're human