CVE-2019-5251 — MEDIUM (5.5)

Q: How severe is CVE-2019-5251?

CVE-2019-5251 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5251?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor V10 Firmware, Huawei Honor V10, Huawei P30 Firmware, Huawei P30, Huawei Enjoy 7S Firmware.

Vulnerability Description

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Honor V10 Firmware	< 9.1.0.333\(c00e333r2p1t8\)
Huawei	Honor V10	-
Huawei	P30 Firmware	< 9.1.0.226\(c00e220r2p1\)
Huawei	P30	-
Huawei	Enjoy 7S Firmware	< 9.1.0.130\(c00e115r2p8t8\)
Huawei	Enjoy 7S	-
Huawei	Mate 20 Firmware	< 9.1.0.139\(c00e133r3p1\)
Huawei	Mate 20	-
Huawei	Honor 9 Lite Firmware	< 9.1.0.143\(c636e5r1p5t8\)
Huawei	Honor 9 Lite	-
Huawei	Honor 9I Firmware	< 9.1.0.120\(c00e113r1p6t8\)
Huawei	Honor 9I	-
Huawei	M6 Firmware	< 9.1.1.150\(c00e150r1p150\)
Huawei	M6	-
Huawei	P30 Pro Firmware	< 9.1.0.226\(c00e210r2p1\)
Huawei	P30 Pro	-
Huawei	Honor 20S Firmware	< 9.1.1.132\(c00e131r6p1\)
Huawei	Honor 20S	-

Related Weaknesses (CWE)

CWE-22

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartpVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartpVendor Advisory

FAQ

What is CVE-2019-5251?

CVE-2019-5251 is a vulnerability with a CVSS score of 5.5 (MEDIUM). There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installin...

How severe is CVE-2019-5251?

CVE-2019-5251 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5251?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor V10 Firmware, Huawei Honor V10, Huawei P30 Firmware, Huawei P30, Huawei Enjoy 7S Firmware.