Sign-up

ID

VAR-201906-0349


CVE

CVE-2019-5241


TITLE

Huawei PCManager Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-005371

DESCRIPTION

There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Huawei PCManager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei PCManager is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability. Attackers can leverage these issues to gain elevated privileges or execute arbitrary code within the context of the affected application. This issue has been fixed in PCManager 9.0.1.70, and 9.0.1.66. Huawei PCManager is a set of computer management software developed by China Huawei (Huawei)

Trust: 2.07

sources: NVD: CVE-2019-5241 // JVNDB: JVNDB-2019-005371 // BID: 106838 // VULHUB: VHN-156676 // VULMON: CVE-2019-5241

AFFECTED PRODUCTS

vendor:huaweimodel:pcmanagerscope:lteversion:9.0.1.50

Trust: 1.0

vendor:huaweimodel:pcmanagerscope:ltversion:9.0.1.50

Trust: 0.8

vendor:huaweimodel:pcmanagerscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:pcmanagerscope:neversion:9.0.1.70

Trust: 0.3

vendor:huaweimodel:pcmanagerscope:neversion:9.0.1.66

Trust: 0.3

sources: BID: 106838 // JVNDB: JVNDB-2019-005371 // NVD: CVE-2019-5241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5241
value: HIGH

Trust: 1.0

NVD: CVE-2019-5241
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-327
value: HIGH

Trust: 0.6

VULHUB: VHN-156676
value: HIGH

Trust: 0.1

VULMON: CVE-2019-5241
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5241
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-156676
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5241
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-156676 // VULMON: CVE-2019-5241 // JVNDB: JVNDB-2019-005371 // CNNVD: CNNVD-201901-327 // NVD: CVE-2019-5241

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-156676 // JVNDB: JVNDB-2019-005371 // NVD: CVE-2019-5241

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-327

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201901-327

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005371

PATCH
title:huawei-sa-20190109-01-pcmanagerurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en
Trust: 0.8
title:Huawei PCManager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88475
Trust: 0.6
title:Huawei Security Advisories: Security Advisory - Two Vulnerabilities in Huawei PCManager Producturl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=873b2b39f63f2cebe5854d66f23c1333
Trust: 0.1
title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers 
Trust: 0.1
title: - url:https://github.com/lnick2023/nicenice 
Trust: 0.1
title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5241 // 
            
            
            
            JVNDB: JVNDB-2019-005371 // 
            
            
            
            CNNVD: CNNVD-201901-327

EXTERNAL IDS
db:NVDid:CVE-2019-5241
Trust: 2.9
db:BIDid:106838
Trust: 1.0
db:JVNDBid:JVNDB-2019-005371
Trust: 0.8
db:CNNVDid:CNNVD-201901-327
Trust: 0.7
db:NSFOCUSid:43601
Trust: 0.6
db:VULHUBid:VHN-156676
Trust: 0.1
db:VULMONid:CVE-2019-5241
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156676 // 
            
            
            
            VULMON: CVE-2019-5241 // 
            
            
            
            BID: 106838 // 
            
            
            
            JVNDB: JVNDB-2019-005371 // 
            
            
            
            CNNVD: CNNVD-201901-327 // 
            
            
            
            NVD: CVE-2019-5241

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-5241
Trust: 1.4
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5241
Trust: 0.8
url:http://www.securityfocus.com/bid/106838
Trust: 0.7
url:http://www.nsfocus.net/vulndb/43601
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw/
Trust: 0.3
url:https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-01-pcmanager-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156676 // 
            
            
            
            VULMON: CVE-2019-5241 // 
            
            
            
            BID: 106838 // 
            
            
            
            JVNDB: JVNDB-2019-005371 // 
            
            
            
            CNNVD: CNNVD-201901-327 // 
            
            
            
            NVD: CVE-2019-5241

CREDITS
Microsoft Defender research team  ?? ??,Microsoft Defender Research Team
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201901-327

SOURCES
db:VULHUBid:VHN-156676
db:VULMONid:CVE-2019-5241
db:BIDid:106838
db:JVNDBid:JVNDB-2019-005371
db:CNNVDid:CNNVD-201901-327
db:NVDid:CVE-2019-5241

LAST UPDATE DATE
2024-11-23T22:33:54.345000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-156676date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-5241date:2020-08-24T00:00:00
db:BIDid:106838date:2019-03-27T05:00:00
db:JVNDBid:JVNDB-2019-005371date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201901-327date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5241date:2024-11-21T04:44:35.333

SOURCES RELEASE DATE
db:VULHUBid:VHN-156676date:2019-06-06T00:00:00
db:VULMONid:CVE-2019-5241date:2019-06-06T00:00:00
db:BIDid:106838date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-005371date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201901-327date:2019-01-10T00:00:00
db:NVDid:CVE-2019-5241date:2019-06-06T15:29:01.267