Details of VAR-201906-0350

ID

VAR-201906-0350

CVE

CVE-2019-5242

TITLE

Huawei PCManager Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005372

DESCRIPTION

There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory. Huawei PCManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei PCManager is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability. Attackers can leverage these issues to gain elevated privileges or execute arbitrary code within the context of the affected application. This issue has been fixed in PCManager 9.0.1.70, and 9.0.1.66. Huawei PCManager is a set of computer management software developed by China Huawei (Huawei)

Trust: 1.98

sources: NVD: CVE-2019-5242 // JVNDB: JVNDB-2019-005372 // BID: 106838 // VULHUB: VHN-156677

AFFECTED PRODUCTS

vendor:	huawei	model:	pcmanager	scope:	lte	version:	9.0.1.50	Trust: 1.0
vendor:	huawei	model:	pcmanager	scope:	lt	version:	9.0.1.50	Trust: 0.8
vendor:	huawei	model:	pcmanager	scope:	eq	version:	0	Trust: 0.3
vendor:	huawei	model:	pcmanager	scope:	ne	version:	9.0.1.70	Trust: 0.3
vendor:	huawei	model:	pcmanager	scope:	ne	version:	9.0.1.66	Trust: 0.3

sources: BID: 106838 // JVNDB: JVNDB-2019-005372 // NVD: CVE-2019-5242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5242
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5242
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-328
value:	HIGH
Trust: 0.6
VULHUB:	VHN-156677
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-5242
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-156677
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5242
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-156677 // JVNDB: JVNDB-2019-005372 // CNNVD: CNNVD-201901-328 // NVD: CVE-2019-5242

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-156677 // JVNDB: JVNDB-2019-005372 // NVD: CVE-2019-5242

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-328

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005372

PATCH

title:	huawei-sa-20190109-01-pcmanager	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en	Trust: 0.8
title:	Huawei PCManager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88474	Trust: 0.6

sources: JVNDB: JVNDB-2019-005372 // CNNVD: CNNVD-201901-328

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5242	Trust: 2.8
db:	BID	id:	106838	Trust: 0.9
db:	JVNDB	id:	JVNDB-2019-005372	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-328	Trust: 0.7
db:	NSFOCUS	id:	43601	Trust: 0.6
db:	VULHUB	id:	VHN-156677	Trust: 0.1

sources: VULHUB: VHN-156677 // BID: 106838 // JVNDB: JVNDB-2019-005372 // CNNVD: CNNVD-201901-328 // NVD: CVE-2019-5242

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5242	Trust: 1.4
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5242	Trust: 0.8
url:	http://www.securityfocus.com/bid/106838	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43601	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3
url:	https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw/	Trust: 0.3
url:	https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-01-pcmanager-en	Trust: 0.3

sources: VULHUB: VHN-156677 // BID: 106838 // JVNDB: JVNDB-2019-005372 // CNNVD: CNNVD-201901-328 // NVD: CVE-2019-5242

CREDITS

Microsoft Defender research team ,Microsoft Defender Research Team

Trust: 0.6

sources: CNNVD: CNNVD-201901-328

SOURCES

db:	VULHUB	id:	VHN-156677
db:	BID	id:	106838
db:	JVNDB	id:	JVNDB-2019-005372
db:	CNNVD	id:	CNNVD-201901-328
db:	NVD	id:	CVE-2019-5242

LAST UPDATE DATE

2024-11-23T22:33:50.904000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-156677	date:	2019-06-10T00:00:00
db:	BID	id:	106838	date:	2019-03-27T05:00:00
db:	JVNDB	id:	JVNDB-2019-005372	date:	2019-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201901-328	date:	2021-07-26T00:00:00
db:	NVD	id:	CVE-2019-5242	date:	2024-11-21T04:44:35.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-156677	date:	2019-06-06T00:00:00
db:	BID	id:	106838	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-005372	date:	2019-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201901-328	date:	2019-01-10T00:00:00
db:	NVD	id:	CVE-2019-5242	date:	2019-06-06T15:29:01.313