Main Vulnerability Database Vulnerabilities #VU22777

#VU22777 Improper access control in Huawei P20 - CVE-2019-5211

Published: November 14, 2019

Vulnerability identifier: #VU22777

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5211

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Huawei P20

Software vendor:
Huawei

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper file management in the Share function. An attacker on adjacent network can trick the victim to perform certain operations on the mobile phone during file transfer and delete some files on the victim's mobile phone.

Remediation

Install updates from vendor's website.

Product Name	Affected Version	Resolved Product and Version
P20	Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8)	Emily-L29C 9.1.0.311(C10E2R1P13T8)
	Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8)	Emily-L29C 9.1.0.311(C461E2R1P11T8)
	Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8)	Emily-L29C 9.1.0.311(C605E2R1P12T8)
	Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)	Emily-L29C 9.1.0.311(C432E7R1P11T8)

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en

#VU22777 Improper access control in Huawei P20 - CVE-2019-5211

Description

Remediation

External links

Please verify you're human