Information disclosure in several Huawei smartphones
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-5230 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Huawei P20 Client/Desktop applications / Multimedia software Huawei P20 Pro Client/Desktop applications / Multimedia software Huawei Mate RS Client/Desktop applications / Multimedia software |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU22804
Risk: Low
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the affected software does not perform a properly validation of certain input models. A local attacker can trick a victim to install a malicious application, then craft a malformed model to get and tamper certain output data information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei P20: before 9.1.0.321
Huawei P20 Pro: before 9.1.0.321
Huawei Mate RS: before 9.1.0.321
CPE2.3- cpe:2.3:a:huawei:huawei_p20:*:*:*:*:*:*:*:*
- cpe:2.3:a:huawei:huawei_p20_pro:*:*:*:*:*:*:*:*
- cpe:2.3:a:huawei:huawei_mate_rs:*:*:*:*:*:*:*:*
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-03-smartphone-en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
