Main Vulnerability Database Vulnerabilities #VU22778

Improper access control in Huawei P20 - CVE-2019-5212

Published: November 14, 2019

Vulnerability identifier: #VU22778

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5212

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei P20

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the Huawei Share function does not properly restrict access to certain file from certain application. A local attacker can trick a victim to install a malicious application then establish a connect to the attacker through Huawei Share and disclose sensitive information on the target system.

How to mitigate CVE-2019-5212

Install updates from vendor's website.

Product Name	Affected Version	Resolved Product and Version
P20	Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8)	Emily-L29C 9.1.0.311(C10E2R1P13T8)
	Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8)	Emily-L29C 9.1.0.311(C461E2R1P11T8)
	Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8)	Emily-L29C 9.1.0.311(C605E2R1P12T8)
	Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)	Emily-L29C 9.1.0.311(C432E7R1P11T8)

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en

Improper access control in Huawei P20 - CVE-2019-5212

Detailed vulnerability description

How to mitigate CVE-2019-5212

Sources

Please verify you're human