Sign-up

ID

VAR-201908-0412


CVE

CVE-2019-5223


TITLE

PCManager Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007675

DESCRIPTION

PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution. PCManager Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei PC Manager is a computer management application from the Chinese company Huawei (Huawei). There is an authorization problem vulnerability in Huawei PC Manager version 9.1.3.1. The vulnerability is caused by the fact that the interface of the driver does not fully verify the data from the user mode. An attacker could exploit this vulnerability to execute malicious code

Trust: 1.71

sources: NVD: CVE-2019-5223 // JVNDB: JVNDB-2019-007675 // VULHUB: VHN-156658

AFFECTED PRODUCTS

vendor:huaweimodel:pcmanagerscope:eqversion:9.1.3.1

Trust: 1.0

vendor:huaweimodel:pcmanagerscope:ltversion:9.1.3.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-007675 // NVD: CVE-2019-5223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5223
value: HIGH

Trust: 1.0

NVD: CVE-2019-5223
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1098
value: HIGH

Trust: 0.6

VULHUB: VHN-156658
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5223
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-156658
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5223
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-156658 // JVNDB: JVNDB-2019-007675 // CNNVD: CNNVD-201907-1098 // NVD: CVE-2019-5223

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-156658 // JVNDB: JVNDB-2019-007675 // NVD: CVE-2019-5223

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1098

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-1098

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007675

PATCH
title:huawei-sa-20190718-01-pcmanagerurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190718-01-pcmanager-en
Trust: 0.8
title:Huawei PC Manager Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95104
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007675 // 
            
            
            
            CNNVD: CNNVD-201907-1098

EXTERNAL IDS
db:NVDid:CVE-2019-5223
Trust: 2.5
db:JVNDBid:JVNDB-2019-007675
Trust: 0.8
db:CNNVDid:CNNVD-201907-1098
Trust: 0.7
db:VULHUBid:VHN-156658
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156658 // 
            
            
            
            JVNDB: JVNDB-2019-007675 // 
            
            
            
            CNNVD: CNNVD-201907-1098 // 
            
            
            
            NVD: CVE-2019-5223

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190718-01-pcmanager-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5223
Trust: 1.4
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190718-01-pcmanager-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5223
Trust: 0.8
sources:
            
            
            VULHUB: VHN-156658 // 
            
            
            
            JVNDB: JVNDB-2019-007675 // 
            
            
            
            CNNVD: CNNVD-201907-1098 // 
            
            
            
            NVD: CVE-2019-5223

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-1098

SOURCES
db:VULHUBid:VHN-156658
db:JVNDBid:JVNDB-2019-007675
db:CNNVDid:CNNVD-201907-1098
db:NVDid:CVE-2019-5223

LAST UPDATE DATE
2024-11-23T21:59:47.823000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-156658date:2019-08-16T00:00:00
db:JVNDBid:JVNDB-2019-007675date:2019-08-19T00:00:00
db:CNNVDid:CNNVD-201907-1098date:2019-08-19T00:00:00
db:NVDid:CVE-2019-5223date:2024-11-21T04:44:33.263

SOURCES RELEASE DATE
db:VULHUBid:VHN-156658date:2019-08-13T00:00:00
db:JVNDBid:JVNDB-2019-007675date:2019-08-19T00:00:00
db:CNNVDid:CNNVD-201907-1098date:2019-07-18T00:00:00
db:NVDid:CVE-2019-5223date:2019-08-13T21:15:12.003