Huawei P30/P30 Pro prior 9.1.0.162 4G LTE access control

EntryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, has been found in Huawei P30 and P30 Pro (Smartphone Operating System). Affected by this issue is some unknown functionality of the component 4G LTE. Upgrading to version 9.1.0.162 eliminates this vulnerability.

Field06/05/2019 09:16 AM06/19/2020 12:12 PM
typeSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuawei
nameP30/P30 ProP30/P30 Pro
component4G LTE4G LTE
cwe284 (privilege escalation)284 (privilege escalation)
risk22
historic00
cvss2_vuldb_basescore3.73.7
cvss2_vuldb_tempscore3.23.2
cvss2_vuldb_avLL
cvss2_vuldb_acHH
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avAA
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore4.64.6
cvss3_meta_tempscore4.44.4
cvss3_vuldb_basescore4.94.9
cvss3_vuldb_tempscore4.74.7
cvss3_vuldb_avLL
cvss3_vuldb_acHH
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avAA
cvss3_nvd_acHH
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cLL
cvss3_nvd_iLL
cvss3_nvd_aNN
date1559606400 (06/04/2019)1559606400 (06/04/2019)
urlhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-enhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
upgrade_version9.1.0.1629.1.0.162
cveCVE-2019-5307CVE-2019-5307
cve_assigned15465600001546560000
cve_nvd_summarySome Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore4.24.2
confirm_urlhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en

Do you need the next level of professionalism?

Upgrade your account now!