Details of VAR-201908-0411

ID

VAR-201908-0411

CVE

CVE-2019-5239

TITLE

Huawei PCManager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-007737

DESCRIPTION

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information. Huawei PCManager Contains an information disclosure vulnerability.Information may be obtained. Huawei PCManager is a set of computer management software developed by China Huawei (Huawei)

Trust: 1.71

sources: NVD: CVE-2019-5239 // JVNDB: JVNDB-2019-007737 // VULHUB: VHN-156674

AFFECTED PRODUCTS

vendor:	huawei	model:	pcmanager\	scope:	lt	version:	9.0.1.66	Trust: 1.0
vendor:	huawei	model:	pcmanager\	scope:	lt	version:	9.0.1.70	Trust: 1.0
vendor:	huawei	model:	pcmanager	scope:	lt	version:	(china) 9.0.1.70	Trust: 0.8
vendor:	huawei	model:	pcmanager	scope:	lt	version:	(oversea) 9.0.1.66	Trust: 0.8

sources: JVNDB: JVNDB-2019-007737 // NVD: CVE-2019-5239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5239
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5239
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201907-598
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-156674
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5239
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-156674
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5239
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-156674 // JVNDB: JVNDB-2019-007737 // CNNVD: CNNVD-201907-598 // NVD: CVE-2019-5239

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-156674 // JVNDB: JVNDB-2019-007737 // NVD: CVE-2019-5239

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-598

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201907-598

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007737

PATCH

title:

huawei-sa-20190710-01-pcmanager

url:

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190710-01-pcmanager-en

Trust: 0.8

sources: JVNDB: JVNDB-2019-007737

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5239	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007737	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-598	Trust: 0.7
db:	VULHUB	id:	VHN-156674	Trust: 0.1

sources: VULHUB: VHN-156674 // JVNDB: JVNDB-2019-007737 // CNNVD: CNNVD-201907-598 // NVD: CVE-2019-5239

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190710-01-pcmanager-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5239	Trust: 1.4
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190710-01-pcmanager-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5239	Trust: 0.8

sources: VULHUB: VHN-156674 // JVNDB: JVNDB-2019-007737 // CNNVD: CNNVD-201907-598 // NVD: CVE-2019-5239

CREDITS

Mickey Shkatov with Jesse Michael, The vulnerability is caused by Eclypsium the company's Mickey Shkatov with Jesse Michael Report to Huawei PSIRT .

Trust: 0.6

sources: CNNVD: CNNVD-201907-598

SOURCES

db:	VULHUB	id:	VHN-156674
db:	JVNDB	id:	JVNDB-2019-007737
db:	CNNVD	id:	CNNVD-201907-598
db:	NVD	id:	CVE-2019-5239

LAST UPDATE DATE

2024-11-23T23:01:43.292000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-156674	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-007737	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201907-598	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5239	date:	2024-11-21T04:44:35.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-156674	date:	2019-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-007737	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201907-598	date:	2019-07-10T00:00:00
db:	NVD	id:	CVE-2019-5239	date:	2019-08-08T17:15:11.470