CVE-2019-5246 : Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E1

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution.

Published 2019-11-13 00:15:12

Updated 2019-11-15 17:57:30

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-5246

Huawei » Elle-al00b Firmware » Version: 9.1.0.109(c00e106r1p21)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.109\(c00e106r1p21\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A
Huawei » Elle-al00b Firmware » Version: 9.1.0.113(c00e110r1p21)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.113\(c00e110r1p21\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A
Huawei » Elle-al00b Firmware » Version: 9.1.0.125(c00e120r1p21)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.125\(c00e120r1p21\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A
Huawei » Elle-al00b Firmware » Version: 9.1.0.135(c00e130r1p21)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.135\(c00e130r1p21\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A
Huawei » Elle-al00b Firmware » Version: 9.1.0.153(c00e150r1p21)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.153\(c00e150r1p21\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A
Huawei » Elle-al00b Firmware » Version: 9.1.0.155(c00e150r1p21)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.155\(c00e150r1p21\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A
Huawei » Elle-al00b Firmware » Version: 9.1.0.162(c00e160r2p1)
cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.162\(c00e160r2p1\):*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Elle-al00b » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-5246

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-5246

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.2	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.3	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-5246

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-5246

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-en

Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-5246

Products affected by CVE-2019-5246

Exploit prediction scoring system (EPSS) score for CVE-2019-5246

CVSS scores for CVE-2019-5246

CWE ids for CVE-2019-5246

References for CVE-2019-5246