CVE-2019-5211 (GCVE-0-2019-5211)

Vulnerability from cvelistv5 – Published: 2019-11-29 19:45 – Updated: 2024-08-04 19:47
VLAI?
Summary
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.
Severity ?
No CVSS data available.
CWE
  • Improper File Management
Assigner
References
Impacted products
Vendor Product Version
n/a P20 Affected: Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8),Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8), Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:56.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P20",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8),Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8), Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim\u0027s mobile phone are deleted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper File Management",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-29T19:45:47",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2019-5211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P20",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8),Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8), Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim\u0027s mobile phone are deleted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper File Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2019-5211",
    "datePublished": "2019-11-29T19:45:47",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:47:56.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"emily-l29c_9.1.0.311\\\\(c10e2r1p13t8\\\\)\", \"matchCriteriaId\": \"090E3CA9-AB5E-47CC-A23D-A533FD4ACB85\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"emily-l29c_9.1.0.311\\\\(c461e2r1p11t8\\\\)\", \"matchCriteriaId\": \"DE26A16D-571F-4433-B62B-80EDCEDC0279\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"emily-l29c_9.1.0.311\\\\(c605e2r1p12t8\\\\)\", \"matchCriteriaId\": \"6AEAA325-0964-4A89-BEE0-A4A4035486BD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"emily-l29c_9.1.0.311\\\\(c432e7r1p11t8\\\\)\", \"matchCriteriaId\": \"1ECB5304-84C8-49C9-ABE8-63D6C0A9CEFA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim\u0027s mobile phone are deleted.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n Huawei Share de los tel\\u00e9fonos P20 con versiones anteriores a Emily-L29C 9.1.0.311, presenta una vulnerabilidad de administraci\\u00f3n de archivos inapropiada. El atacante enga\\u00f1a a la v\\u00edctima para que realice determinadas operaciones en el tel\\u00e9fono m\\u00f3vil durante la transferencia de archivos. Debido a que el archivo no es procesado apropiadamente, una explotaci\\u00f3n con \\u00e9xito puede causar que algunos archivos en el tel\\u00e9fono m\\u00f3vil de la v\\u00edctima sean eliminados.\"}]",
      "id": "CVE-2019-5211",
      "lastModified": "2024-11-21T04:44:31.393",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 4.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 5.5, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-11-29T20:15:10.863",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5211\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2019-11-29T20:15:10.863\",\"lastModified\":\"2024-11-21T04:44:31.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim\u0027s mobile phone are deleted.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n Huawei Share de los tel\u00e9fonos P20 con versiones anteriores a Emily-L29C 9.1.0.311, presenta una vulnerabilidad de administraci\u00f3n de archivos inapropiada. El atacante enga\u00f1a a la v\u00edctima para que realice determinadas operaciones en el tel\u00e9fono m\u00f3vil durante la transferencia de archivos. Debido a que el archivo no es procesado apropiadamente, una explotaci\u00f3n con \u00e9xito puede causar que algunos archivos en el tel\u00e9fono m\u00f3vil de la v\u00edctima sean eliminados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"emily-l29c_9.1.0.311\\\\(c10e2r1p13t8\\\\)\",\"matchCriteriaId\":\"090E3CA9-AB5E-47CC-A23D-A533FD4ACB85\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"emily-l29c_9.1.0.311\\\\(c461e2r1p11t8\\\\)\",\"matchCriteriaId\":\"DE26A16D-571F-4433-B62B-80EDCEDC0279\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"emily-l29c_9.1.0.311\\\\(c605e2r1p12t8\\\\)\",\"matchCriteriaId\":\"6AEAA325-0964-4A89-BEE0-A4A4035486BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"emily-l29c_9.1.0.311\\\\(c432e7r1p11t8\\\\)\",\"matchCriteriaId\":\"1ECB5304-84C8-49C9-ABE8-63D6C0A9CEFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7492911B-4242-4947-9DED-9F48FC0875CD\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-02-share-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.