#VU23415 Improper validation of integrity check value


Published: 2019-12-05

Vulnerability identifier: #VU23415

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-5226

CWE-ID: CWE-354

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
P30
Client/Desktop applications / Multimedia software
P30 Pro
Client/Desktop applications / Multimedia software
Huawei Mate 20
Client/Desktop applications / Multimedia software
Huawei HiSuite
Mobile applications / Apps for mobile phones

Vendor: Huawei

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the affected devices and software do not validate the upgrade package sufficiently. A local user can trick the user to install a malicious application and downgrade the system of smartphone to an older version.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

P30: All versions

P30 Pro: All versions

Huawei Mate 20: All versions

Huawei HiSuite: All versions


CPE

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability