Details of VAR-201912-0914

ID

VAR-201912-0914

CVE

CVE-2019-19398

TITLE

Huawei M5 lite 10 Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-00517 // CNNVD: CNNVD-201912-1099

DESCRIPTION

M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution. M5 lite 10 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei M5 lite 10 is a tablet from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-19398 // JVNDB: JVNDB-2019-013527 // CNVD: CNVD-2020-00517

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-00517

AFFECTED PRODUCTS

vendor:	huawei	model:	m5 lite 10	scope:	eq	version:	8.0.0.182\(c00\)	Trust: 1.0
vendor:	huawei	model:	m5 lite 10	scope:	eq	version:	8.0.0.182(c00)	Trust: 0.8
vendor:	huawei	model:	m5 lite 8.0.0.182	scope:	eq	version:	1010	Trust: 0.6
vendor:	huawei	model:	m5 lite 10	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	m5 lite 10	scope:	eq	version:	8.0.0.182c00	Trust: 0.6

sources: CNVD: CNVD-2020-00517 // JVNDB: JVNDB-2019-013527 // CNNVD: CNNVD-201912-1099 // NVD: CVE-2019-19398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19398
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-19398
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-00517
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-1099
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-19398
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-00517
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-19398
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19398
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-00517 // JVNDB: JVNDB-2019-013527 // CNNVD: CNNVD-201912-1099 // NVD: CVE-2019-19398

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013527 // NVD: CVE-2019-19398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1099

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-1099

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013527

PATCH

title:	huawei-sa-20191225-01-validation	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-validation-en	Trust: 0.8
title:	Patch for Huawei M5 lite 10 Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/196161	Trust: 0.6
title:	Huawei M5 lite 10 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106421	Trust: 0.6

sources: CNVD: CNVD-2020-00517 // JVNDB: JVNDB-2019-013527 // CNNVD: CNNVD-201912-1099

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19398	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013527	Trust: 0.8
db:	CNVD	id:	CNVD-2020-00517	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-1099	Trust: 0.6

sources: CNVD: CNVD-2020-00517 // JVNDB: JVNDB-2019-013527 // CNNVD: CNNVD-201912-1099 // NVD: CVE-2019-19398

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-validation-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19398	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191225-01-validation-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19398	Trust: 0.8

sources: CNVD: CNVD-2020-00517 // JVNDB: JVNDB-2019-013527 // CNNVD: CNNVD-201912-1099 // NVD: CVE-2019-19398

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201912-1099

SOURCES

db:	CNVD	id:	CNVD-2020-00517
db:	JVNDB	id:	JVNDB-2019-013527
db:	CNNVD	id:	CNNVD-201912-1099
db:	NVD	id:	CVE-2019-19398

LAST UPDATE DATE

2024-11-23T22:29:49.571000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-00517	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-013527	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1099	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2019-19398	date:	2024-11-21T04:34:43.280

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-00517	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-013527	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1099	date:	2019-12-25T00:00:00
db:	NVD	id:	CVE-2019-19398	date:	2019-12-26T19:15:10.843