Details of VAR-201902-0204

ID

VAR-201902-0204

CVE

CVE-2019-5914

TITLE

A vulnerability in V20 PRO L-01J that may cause a crash

Trust: 0.8

sources: JVNDB: JVNDB-2019-000008

DESCRIPTION

V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA. LG V20 PRO L-01J is a smartphone produced by South Korea's LG Company. A security vulnerability exists in the LG V20 PRO L-01J L01J20c version and L01J20d version

Trust: 1.71

sources: NVD: CVE-2019-5914 // JVNDB: JVNDB-2019-000008 // VULHUB: VHN-157349

AFFECTED PRODUCTS

vendor:	nttdocomo	model:	v20 pro l-01j	scope:	eq	version:	l01j20d	Trust: 1.0
vendor:	nttdocomo	model:	v20 pro l-01j	scope:	eq	version:	l01j20c	Trust: 1.0
vendor:	ntt docomo	model:	v20 pro l-01j	scope:	eq	version:	software version l01j20c and l01j20d	Trust: 0.8

sources: JVNDB: JVNDB-2019-000008 // NVD: CVE-2019-5914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5914
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2019-000008
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201902-550
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157349
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5914
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2019-000008
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-157349
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5914
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.0
IPA:	JVNDB-2019-000008
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-157349 // JVNDB: JVNDB-2019-000008 // CNNVD: CNNVD-201902-550 // NVD: CVE-2019-5914

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-157349 // JVNDB: JVNDB-2019-000008 // NVD: CVE-2019-5914

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201902-550

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201902-550

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-000008

PATCH

title:	Information from NTT DOCOMO, INC.	url:	https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html	Trust: 0.8
title:	LG V20 PRO L-01J Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89354	Trust: 0.6

sources: JVNDB: JVNDB-2019-000008 // CNNVD: CNNVD-201902-550

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5914	Trust: 2.5
db:	JVN	id:	JVN40439414	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-000008	Trust: 1.4
db:	CNNVD	id:	CNNVD-201902-550	Trust: 0.7
db:	VULHUB	id:	VHN-157349	Trust: 0.1

sources: VULHUB: VHN-157349 // JVNDB: JVNDB-2019-000008 // CNNVD: CNNVD-201902-550 // NVD: CVE-2019-5914

REFERENCES

url:	http://jvn.jp/en/jp/jvn40439414/index.html	Trust: 2.5
url:	https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5914	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5914	Trust: 0.8
url:	https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000008.html	Trust: 0.6

sources: VULHUB: VHN-157349 // JVNDB: JVNDB-2019-000008 // CNNVD: CNNVD-201902-550 // NVD: CVE-2019-5914

SOURCES

db:	VULHUB	id:	VHN-157349
db:	JVNDB	id:	JVNDB-2019-000008
db:	CNNVD	id:	CNNVD-201902-550
db:	NVD	id:	CVE-2019-5914

LAST UPDATE DATE

2024-11-23T22:41:36.695000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157349	date:	2019-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-000008	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201902-550	date:	2019-02-22T00:00:00
db:	NVD	id:	CVE-2019-5914	date:	2024-11-21T04:45:44.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157349	date:	2019-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-000008	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201902-550	date:	2019-02-13T00:00:00
db:	NVD	id:	CVE-2019-5914	date:	2019-02-13T18:29:00.980