CVE-2019-5260 — MEDIUM (6.5)

Vulnerability Description

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Y9 2019 Firmware	8.2.0.160\(c185r2p2\)
Huawei	Y9 2019	-
Huawei	View 20 Firmware	9.0.1.169\(c636e1r4p1\)
Huawei	View 20	-

Related Weaknesses (CWE)

CWE-20

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobileVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobileVendor Advisory

FAQ

What is CVE-2019-5260?

CVE-2019-5260 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send speci...

How severe is CVE-2019-5260?

CVE-2019-5260 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5260?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Y9 2019 Firmware, Huawei Y9 2019, Huawei View 20 Firmware, Huawei View 20.