CVE-2019-5296 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2019-5296?

CVE-2019-5296 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5296?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate20 Firmware, Huawei Mate20.

Vulnerability Description

Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal.

CVSS Score

3.9

LOW

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Mate20 Firmware	< hma-al00c00b175
Huawei	Mate20	-

Related Weaknesses (CWE)

CWE-125

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-phone-Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-phone-Vendor Advisory

FAQ

What is CVE-2019-5296?

CVE-2019-5296 is a vulnerability with a CVSS score of 3.9 (LOW). Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insuf...

How severe is CVE-2019-5296?

CVE-2019-5296 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5296?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate20 Firmware, Huawei Mate20.