Details of VAR-201908-0409

ID

VAR-201908-0409

CVE

CVE-2019-5237

TITLE

Huawei PCManager Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007735

DESCRIPTION

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. Huawei PCManager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei PCManager is a set of computer management software developed by China Huawei (Huawei). Access control error vulnerabilities exist in Huawei PCManager versions earlier than 9.0.1.66 (overseas regions) and versions earlier than 9.0.1.70 (China regions)

Trust: 1.71

sources: NVD: CVE-2019-5237 // JVNDB: JVNDB-2019-007735 // VULHUB: VHN-156672

AFFECTED PRODUCTS

vendor:	huawei	model:	pcmanager\	scope:	lt	version:	9.0.1.66	Trust: 1.0
vendor:	huawei	model:	pcmanager\	scope:	lt	version:	9.0.1.70	Trust: 1.0
vendor:	huawei	model:	pcmanager	scope:	lt	version:	(china) 9.0.1.70	Trust: 0.8
vendor:	huawei	model:	pcmanager	scope:	lt	version:	(oversea) 9.0.1.66	Trust: 0.8

sources: JVNDB: JVNDB-2019-007735 // NVD: CVE-2019-5237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5237
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5237
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-603
value:	HIGH
Trust: 0.6
VULHUB:	VHN-156672
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5237
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-156672
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5237
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-156672 // JVNDB: JVNDB-2019-007735 // CNNVD: CNNVD-201907-603 // NVD: CVE-2019-5237

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-156672 // JVNDB: JVNDB-2019-007735 // NVD: CVE-2019-5237

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-603

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201907-603

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007735

PATCH

title:

huawei-sa-20190710-01-pcmanager

url:

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190710-01-pcmanager-en

Trust: 0.8

sources: JVNDB: JVNDB-2019-007735

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5237	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007735	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-603	Trust: 0.7
db:	VULHUB	id:	VHN-156672	Trust: 0.1

sources: VULHUB: VHN-156672 // JVNDB: JVNDB-2019-007735 // CNNVD: CNNVD-201907-603 // NVD: CVE-2019-5237

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190710-01-pcmanager-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5237	Trust: 1.4
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190710-01-pcmanager-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5237	Trust: 0.8

sources: VULHUB: VHN-156672 // JVNDB: JVNDB-2019-007735 // CNNVD: CNNVD-201907-603 // NVD: CVE-2019-5237

CREDITS

Mickey Shkatov with Jesse Michael

Trust: 0.6

sources: CNNVD: CNNVD-201907-603

SOURCES

db:	VULHUB	id:	VHN-156672
db:	JVNDB	id:	JVNDB-2019-007735
db:	CNNVD	id:	CNNVD-201907-603
db:	NVD	id:	CVE-2019-5237

LAST UPDATE DATE

2024-11-23T22:06:06.439000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-156672	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-007735	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201907-603	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5237	date:	2024-11-21T04:44:34.970

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-156672	date:	2019-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-007735	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201907-603	date:	2019-07-10T00:00:00
db:	NVD	id:	CVE-2019-5237	date:	2019-08-08T17:15:11.297