A vulnerability classified as critical has been found in Huawei P30, P30 Pro, Mate 20 and HiSuite up to 9.1.0 (Smartphone Operating System). This affects an unknown part of the component Upgrade Package. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

The weakness was presented 11/29/2019 (Website). It is possible to read the advisory at huawei.com. This vulnerability is uniquely identified as CVE-2019-5227. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 9.1.0.193(C00E190R2P1) eliminates this vulnerability.

See 146582 for similar entry.

Productinfo

Type

• Smartphone Operating System

Vendor

• Huawei

Name

• HiSuite
• Mate 20
• P30
• P30 Pro

Version

• 9.0
• 9.1

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion