CVE-2019-5221 - OpenCVE

There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1).

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Mate 20 X Mate 20 X Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2019-07-10T17:43:23

Updated: 2024-08-04T19:47:56.787Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5221

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-10T18:15:11.127

Modified: 2019-07-18T18:53:26.663

Link: CVE-2019-5221

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Mate 20 X", "vendor": "Huawei", "versions": [{"status": "affected", "version": "Versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12)"}, {"status": "affected", "version": "Versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1)"}, {"status": "affected", "version": "Versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1)"}]}], "descriptions": [{"lang": "en", "value": "There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1)."}], "problemTypes": [{"descriptions": [{"description": "Path Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-10T17:43:23", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5221", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mate 20 X", "version": {"version_data": [{"version_value": "Versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12)"}, {"version_value": "Versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1)"}, {"version_value": "Versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1)"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.787Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5221", "datePublished": "2019-07-10T17:43:23", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.787Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9BC7F38-F7C4-4652-866A-5DB6590B71A4", "versionEndExcluding": "ever-l29b_9.1.0.300\\(c636e3r2p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD4864FE-D4CF-4EDA-B273-106C8FAAF2A6", "versionEndExcluding": "ever-l29b_9.1.0.300\\(c432e3r1p12\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "19AAD953-0E29-440A-91AD-E945AE439FC3", "versionEndExcluding": "ever-l29b_9.1.0.300\\(c185e3r3p1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1)."}, {"lang": "es", "value": "Hay una vulnerabilidad de salto de ruta en la funci\u00f3n Huawei Share. El software no comprueba apropiadamente la ruta, un atacante podr\u00eda crear una ruta (path) de archivo al transportar un archivo por medio de Huawei Share, una explotaci\u00f3n con \u00e9xito podr\u00eda permitirle transportar un archivo a una ruta arbitraria en el tel\u00e9fono. Productos afectados: Mate 20 X versiones anteriores a Ever-L29B 9.1.0.300(C432E3R1P12), versiones anteriores a Ever-L29B 9.1.0.300(C636E3R2P1) y versiones anteriores a Ever-L29B 9.1.0.300(C185E3R3P1)."}], "id": "CVE-2019-5221", "lastModified": "2019-07-18T18:53:26.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-10T18:15:11.127", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}