CVE-2019-5215 - Vulnerability Details - OpenCVE

There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	P30 P30 Firmware P30 Pro P30 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2019-06-04T18:44:57

Updated: 2024-08-04T19:47:56.627Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5215

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-06-04T19:29:00.227

Modified: 2024-11-21T04:44:31.840

Link: CVE-2019-5215

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "P30,P30 Pro", "vendor": "Huawei", "versions": [{"status": "affected", "version": "The versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)"}, {"status": "affected", "version": "The versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)"}]}], "datePublic": "2019-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)"}], "problemTypes": [{"descriptions": [{"description": "man-in-the-middle", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-04T18:44:57", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5215", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P30,P30 Pro", "version": {"version_data": [{"version_value": "The versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)"}, {"version_value": "The versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "man-in-the-middle"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.627Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5215", "datePublished": "2019-06-04T18:44:57", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.627Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF7D1F2D-B51E-4ABF-B53D-6F4F7EE54081", "versionEndExcluding": "vog-al00_9.1.0.162\\(c01e160r1p12\\/c01e160r2p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "55CF6874-A1F4-4F8D-AE66-2D5F8CE25B9C", "versionEndExcluding": "ele-al00_9.1.0.162\\(c01e160r1p12\\/c01e160r2p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*", "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)"}, {"lang": "es", "value": "Existe una vulnerabilidad de man-in-the-middle (MITM) en las versiones de Tel\u00e9fonos Huawei P30 antes de ELE-AL00 9.1.0.162 (C01E160R1P12 / C01E160R2P1), y P30 Pro versiones anteriores a VOG-AL00 9.1.0.162 (C01E160R1P12 / C01E160R2P1). Cuando los usuarios establecen la conexi\u00f3n y transfieren datos a trav\u00e9s de Huawei Share, un atacante podr\u00eda rastrear, falsificar y realizar una serie de operaciones para entrometerse en la conexi\u00f3n de Huawei Share y lanzar un ataque Man-in-the-middle para obtener y manipular los datos. (ID de vulnerabilidad: HWPSIRT-2019-03109)"}], "id": "CVE-2019-5215", "lastModified": "2024-11-21T04:44:31.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-04T19:29:00.227", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}