Details of VAR-201911-0826

ID

VAR-201911-0826

CVE

CVE-2019-5212

TITLE

Huawei Share Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-012692

DESCRIPTION

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure. Huawei Share Contains an information disclosure vulnerability.Information may be obtained. Huawei P20 is a smartphone from China's Huawei company

Trust: 2.16

sources: NVD: CVE-2019-5212 // JVNDB: JVNDB-2019-012692 // CNVD: CNVD-2019-41258

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-41258

AFFECTED PRODUCTS

vendor:	huawei	model:	p20 <emily-l29c 9.1.0.311	scope:	-	version:	-	Trust: 2.4
vendor:	huawei	model:	p20	scope:	eq	version:	-	Trust: 1.2
vendor:	huawei	model:	p20	scope:	lt	version:	emily-l29c_9.1.0.311\(c605e2r1p12t8\)	Trust: 1.0
vendor:	huawei	model:	p20	scope:	lt	version:	emily-l29c_9.1.0.311\(c461e2r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	p20	scope:	lt	version:	emily-l29c_9.1.0.311\(c10e2r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	p20	scope:	lt	version:	emily-l29c_9.1.0.311\(c432e7r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	p20	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p20	scope:	eq	version:	emily-l29c_9.1.0.311c432e7r1p11t8	Trust: 0.6
vendor:	huawei	model:	p20	scope:	eq	version:	emily-al00a_9.0.0.167c00e81r1p21t8	Trust: 0.6
vendor:	huawei	model:	p20	scope:	eq	version:	emily-l29c_9.1.0.311c10e2r1p13t8	Trust: 0.6
vendor:	huawei	model:	p20	scope:	eq	version:	emily-al00a_9.1.0.321c00e320r1p1t8	Trust: 0.6

sources: CNVD: CNVD-2019-41258 // JVNDB: JVNDB-2019-012692 // CNNVD: CNNVD-201911-772 // NVD: CVE-2019-5212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5212
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5212
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-41258
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201911-772
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5212
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-41258
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5212
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5212
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-41258 // JVNDB: JVNDB-2019-012692 // CNNVD: CNNVD-201911-772 // NVD: CVE-2019-5212

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-012692 // NVD: CVE-2019-5212

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-772

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-772

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012692

PATCH

title:	huawei-sa-20191113-01-share	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en	Trust: 0.8
title:	Patch for Huawei P20 Access Control Vulnerability Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/190795	Trust: 0.6
title:	Huawei P20 Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104681	Trust: 0.6

sources: CNVD: CNVD-2019-41258 // JVNDB: JVNDB-2019-012692 // CNNVD: CNNVD-201911-772

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5212	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012692	Trust: 0.8
db:	CNVD	id:	CNVD-2019-41258	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-772	Trust: 0.6

sources: CNVD: CNVD-2019-41258 // JVNDB: JVNDB-2019-012692 // CNNVD: CNNVD-201911-772 // NVD: CVE-2019-5212

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5212	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191113-01-share-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5212	Trust: 0.8

sources: CNVD: CNVD-2019-41258 // JVNDB: JVNDB-2019-012692 // CNNVD: CNNVD-201911-772 // NVD: CVE-2019-5212

SOURCES

db:	CNVD	id:	CNVD-2019-41258
db:	JVNDB	id:	JVNDB-2019-012692
db:	CNNVD	id:	CNNVD-201911-772
db:	NVD	id:	CVE-2019-5212

LAST UPDATE DATE

2024-11-23T21:51:50.568000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-41258	date:	2019-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-012692	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-772	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-5212	date:	2024-11-21T04:44:31.507

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-41258	date:	2019-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-012692	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-772	date:	2019-11-13T00:00:00
db:	NVD	id:	CVE-2019-5212	date:	2019-11-29T20:15:10.957