5.5
CVE-2019-5227
- EPSS 0.06%
- Veröffentlicht 29.11.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:44:33
- Quelle psirt@huawei.com
- Teams Watchlist Login
- Unerledigt Login
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Huawei ≫ P30 Firmware Version < elle-al00b_9.1.0.193\(c00e190r2p1\)
Huawei ≫ P30 Pro Firmware Version < vogue-al00a_9.1.0.193\(c00e190r2p1\)
Huawei ≫ Mate 20 Firmware Version < hima-al00b_9.1.0.135\(c00e133r2p1\)
Huawei ≫ Hisuite Firmware Version < 9.1.0.305
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.154 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.