#VU22801 Integer overflow in P30 - CVE-2019-5287

 


Published: November 15, 2019


Vulnerability identifier: #VU22801
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5287
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: P30
Software vendor: Huawei

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow caused by insufficient checking of specific parameters. A local user can trick the victim into installing a malicious application, obtain root permission, pass specially constructed parameters to the camera program, trigger the integer overflow and execute arbitrary code on the target system or cause the program to break down.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
