CVE-2019-5284
Vulnerability from cvelistv5
Published
2019-06-04 18:52
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Huawei | Leland-AL00A |
Version: Versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:54:52.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Leland-AL00A", "vendor": "Huawei", "versions": [ { "status": "affected", "version": "Versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8)" } ] } ], "datePublic": "2019-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)" } ], "problemTypes": [ { "descriptions": [ { "description": "DoS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-26T10:06:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Leland-AL00A", "version": { "version_data": [ { "version_value": "Versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8)" } ] } } ] }, "vendor_name": "Huawei" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "DoS" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en" } ] } } } }, "cveMetadata": { "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5284", "datePublished": "2019-06-04T18:52:01", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:52.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-5284\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2019-06-04T19:29:00.413\",\"lastModified\":\"2024-11-21T04:44:40.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad DoS en el m\u00f3dulo RTSP de las versiones de los tel\u00e9fonos inteligentes ( smart phones) Leland-AL00A Huawei anteriores a la versi\u00f3n Leland-AL00A 9.1.0.111 (C00E111R2P10T8). Los atacantes remotos podr\u00edan enga\u00f1ar al usuario para que abra un flujo de medios RTSP con formato incorrecto para aprovechar esta vulnerabilidad. La joperaci\u00f3n con \u00e9xito podr\u00eda causar que el tel\u00e9fono afectado sea anormal, lo que lleva a una condici\u00f3n DoS. (ID de vulnerabilidad: HWPSIRT-2019-02004\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:leland-al00a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"leland-al00a_9.1.0.111\\\\(c00e111r2p10t8\\\\)\",\"matchCriteriaId\":\"91BC4A32-C36A-4178-B321-A7B35A327272\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:leland-al00a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93788B36-B3A1-40EF-91DF-BE42A4D2BFAF\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.