Huawei P30/P30 Pro before 9.1.0.162 4G LTE privilege escalation


A critical vulnerability was discovered in Huawei P30 and P30 Pro (Smartphone Operating System). It affects an unknown function of the component 4G LTE. Upgrading to version 9.1.0.162 addresses the problem.

| Field | 05/06/2019 09:16 | 19/06/2020 12:12 |
| --- | --- | --- |
| type | Smartphone Operating System | Smartphone Operating System |
| vendor | Huawei | Huawei |
| name | P30/P30 Pro | P30/P30 Pro |
| component | 4G LTE | 4G LTE |
| cwe | 284 (privilege escalation) | 284 (privilege escalation) |
| risk | 2 | 2 |
| historic | 0 | 0 |
| cvss2_vuldb_basescore | 3.7 | 3.7 |
| cvss2_vuldb_tempscore | 3.2 | 3.2 |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | H | H |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | A | A |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | N | N |
| cvss3_meta_basescore | 4.6 | 4.6 |
| cvss3_meta_tempscore | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 4.9 | 4.9 |
| cvss3_vuldb_tempscore | 4.7 | 4.7 |
| cvss3_vuldb_av | L | L |
| cvss3_vuldb_ac | H | H |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | A | A |
| cvss3_nvd_ac | H | H |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | L | L |
| cvss3_nvd_i | L | L |
| cvss3_nvd_a | N | N |
| date | 1559606400 (04/06/2019) | 1559606400 (04/06/2019) |
| url | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en |
| price_0day | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade |
| upgrade_version | 9.1.0.162 | 9.1.0.162 |
| cve | CVE-2019-5307 | CVE-2019-5307 |
| cve_assigned | 1546560000 | 1546560000 |
| cve_nvd_summary | Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) | Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| cvss3_nvd_basescore | 4.2 | 4.2 |

confirm_url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en
