cve-2019-5287
Vulnerability from cvelistv5
Published
2019-11-13 14:43
Modified
2024-08-04 19:54
Severity ?
Summary
P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-enVendor Advisory
Impacted products
Vendor Product Version
n/a P30 Version: Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:51.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P30",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-13T14:43:42",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2019-5287",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P30",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en",
              "refsource": "MISC",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2019-5287",
    "datePublished": "2019-11-13T14:43:42",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:54:51.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"elle-al00b_9.1.0.193\\\\(c00e190r2p1\\\\)\", \"matchCriteriaId\": \"685D05E1-BFE2-469D-AF24-B9B5175C2D3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21EE286C-8111-4F59-8CF1-13C68EA76B21\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Los tel\\u00e9fonos inteligentes P30 con  versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), presentan una vulnerabilidad de desbordamiento de enteros debido a una comprobaci\\u00f3n insuficiente de par\\u00e1metros espec\\u00edficos. Un atacante enga\\u00f1a al usuario para que instale una aplicaci\\u00f3n maliciosa, obtenga el permiso de root y construya par\\u00e1metros espec\\u00edficos para el programa de la c\\u00e1mara para explotar esta vulnerabilidad. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda causar que el programa se da\\u00f1e o permita la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2019-5287",
      "lastModified": "2024-11-21T04:44:40.570",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-11-13T15:15:10.340",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5287\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2019-11-13T15:15:10.340\",\"lastModified\":\"2024-11-21T04:44:40.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Los tel\u00e9fonos inteligentes P30 con  versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), presentan una vulnerabilidad de desbordamiento de enteros debido a una comprobaci\u00f3n insuficiente de par\u00e1metros espec\u00edficos. Un atacante enga\u00f1a al usuario para que instale una aplicaci\u00f3n maliciosa, obtenga el permiso de root y construya par\u00e1metros espec\u00edficos para el programa de la c\u00e1mara para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar que el programa se da\u00f1e o permita la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"elle-al00b_9.1.0.193\\\\(c00e190r2p1\\\\)\",\"matchCriteriaId\":\"685D05E1-BFE2-469D-AF24-B9B5175C2D3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EE286C-8111-4F59-8CF1-13C68EA76B21\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.