CVE-2019-5212 - OpenCVE

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P20 Firmware P20

Configuration 1 [-]

AND

cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2019-11-29T19:39:30

Updated: 2019-11-29T19:39:30

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5212

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-11-29T20:15:10.957

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5212

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"product": "P20", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8),Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8), Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)"}]}], "descriptions": [{"lang": "en", "value": "There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure."}], "problemTypes": [{"descriptions": [{"description": "Improper Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-29T19:39:30", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5212", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P20", "version": {"version_data": [{"version_value": "Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8),Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8), Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5212", "datePublished": "2019-11-29T19:39:30", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2019-11-29T19:39:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "090E3CA9-AB5E-47CC-A23D-A533FD4ACB85", "versionEndExcluding": "emily-l29c_9.1.0.311\\(c10e2r1p13t8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE26A16D-571F-4433-B62B-80EDCEDC0279", "versionEndExcluding": "emily-l29c_9.1.0.311\\(c461e2r1p11t8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AEAA325-0964-4A89-BEE0-A4A4035486BD", "versionEndExcluding": "emily-l29c_9.1.0.311\\(c605e2r1p12t8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ECB5304-84C8-49C9-ABE8-63D6C0A9CEFA", "versionEndExcluding": "emily-l29c_9.1.0.311\\(c432e7r1p11t8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7492911B-4242-4947-9DED-9F48FC0875CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de control de acceso inapropiada en Huawei Share. El software no restringe apropiadamente el acceso a ciertos archivos desde determinadas aplicaciones. Un atacante enga\u00f1a al usuario para instalar una aplicaci\u00f3n maliciosa y luego establecer una conexi\u00f3n con el atacante por medio de Huawei Share, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2019-5212", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-29T20:15:10.957", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-share-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}