Huawei P30/P30 Pro prior 9.1.0.162 4G LTE access control

EntryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, has been found in Huawei P30 and P30 Pro (Smartphone Operating System). Affected by this issue is some unknown functionality of the component 4G LTE. Upgrading to version 9.1.0.162 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
903208006/19/2020VulD...confirm_urlhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-enhuawei.com06/19/2020accepted100
903209406/05/2019VulD...cvss3_nvd_basescore4.2nist.gov06/05/2019accepted90
903209306/05/2019VulD...cvss3_vuldb_rcX06/05/2019accepted90
903209206/05/2019VulD...cvss3_vuldb_rlO06/05/2019accepted90
903209106/05/2019VulD...cvss3_vuldb_eX06/05/2019accepted90
903209006/05/2019VulD...cvss2_vuldb_rcND06/05/2019accepted90
903208906/05/2019VulD...cvss2_vuldb_rlOF06/05/2019accepted90
903208806/05/2019VulD...cvss2_vuldb_eND06/05/2019accepted90
903208706/05/2019VulD...locationWebsite06/05/2019accepted90
903208606/05/2019VulD...cve_nvd_summarySome Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)mitre.org06/05/2019accepted100
903208506/05/2019VulD...cve_assigned1546560000mitre.org06/05/2019accepted100
903208406/05/2019VulD...cveCVE-2019-5307mitre.org06/05/2019accepted100
903208306/05/2019VulD...upgrade_version9.1.0.16206/05/2019accepted100
903208206/05/2019VulD...nameUpgrade06/05/2019accepted100
903208106/05/2019VulD...price_0day$5k-$25ksee documentation06/05/2019accepted100
903207906/05/2019VulD...urlhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-enhuawei.com06/05/2019accepted100
903207806/05/2019VulD...date1559606400 (06/04/2019)06/05/2019accepted100
903207706/05/2019VulD...cvss3_nvd_aNnist.gov06/05/2019accepted100
903207606/05/2019VulD...cvss3_nvd_iLnist.gov06/05/2019accepted100
903207506/05/2019VulD...cvss3_nvd_cLnist.gov06/05/2019accepted100

Want to stay up to date on a daily basis?

Enable the mail alert feature now!