CVE-2019-5260 - OpenCVE

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	View 20 View 20 Firmware Y9 2019 Y9 2019 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:y9_2019_firmware:8.2.0.160\(c185r2p2\):::::::*
	cpe:2.3:o:huawei:y9_2019_firmware:8.2.0.162\(c605\):::::::*
	cpe:2.3:o:huawei:y9_2019_firmware:8.2.0.163\(c605\):::::::*

cpe:2.3:h:huawei:y9_2019:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:view_20_firmware:9.0.1.169\(c636e1r4p1\):::::::*
	cpe:2.3:o:huawei:view_20_firmware:9.0.1.170\(c185e2r3p1\):::::::*
	cpe:2.3:o:huawei:view_20_firmware:9.0.1.170\(c432e1r3p1\):::::::*

cpe:2.3:h:huawei:view_20:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2019-12-13T21:52:56

Updated: 2024-08-04T19:47:56.865Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5260

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-13T22:15:11.687

Modified: 2019-12-18T16:35:09.753

Link: CVE-2019-5260

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HUAWEI Y9 2019;Honor View 20", "vendor": "n/a", "versions": [{"status": "affected", "version": "8.2.0.160(C185R2P2)"}, {"status": "affected", "version": "8.2.0.162(C605)"}, {"status": "affected", "version": "8.2.0.163(C605)"}, {"status": "affected", "version": "9.0.1.169(C636E1R4P1)"}, {"status": "affected", "version": "9.0.1.170(C185E2R3P1)"}, {"status": "affected", "version": "9.0.1.170(C432E1R3P1)"}]}], "descriptions": [{"lang": "en", "value": "Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-13T21:52:56", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5260", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI Y9 2019;Honor View 20", "version": {"version_data": [{"version_value": "8.2.0.160(C185R2P2)"}, {"version_value": "8.2.0.162(C605)"}, {"version_value": "8.2.0.163(C605)"}, {"version_value": "9.0.1.169(C636E1R4P1)"}, {"version_value": "9.0.1.170(C185E2R3P1)"}, {"version_value": "9.0.1.170(C432E1R3P1)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.865Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5260", "datePublished": "2019-12-13T21:52:56", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.865Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:y9_2019_firmware:8.2.0.160\\(c185r2p2\\):*:*:*:*:*:*:*", "matchCriteriaId": "1624626A-F8A0-4913-BEC5-F980E97151B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:y9_2019_firmware:8.2.0.162\\(c605\\):*:*:*:*:*:*:*", "matchCriteriaId": "2D6FCB56-EC4B-4BCD-BC6B-AA00B2958309", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:y9_2019_firmware:8.2.0.163\\(c605\\):*:*:*:*:*:*:*", "matchCriteriaId": "64A2B0BA-61C6-4B57-B5F4-C6D0BA0DD5C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:y9_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "F48ABE15-BC87-4B02-8B39-94DA1DC96B92", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:view_20_firmware:9.0.1.169\\(c636e1r4p1\\):*:*:*:*:*:*:*", "matchCriteriaId": "4809DED6-BA3A-4BCE-B16F-4B8A3069DDEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:view_20_firmware:9.0.1.170\\(c185e2r3p1\\):*:*:*:*:*:*:*", "matchCriteriaId": "A43A0E55-2963-4B8B-ADA9-4E460B033004", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:view_20_firmware:9.0.1.170\\(c432e1r3p1\\):*:*:*:*:*:*:*", "matchCriteriaId": "73E31C10-643A-4E2C-BBA6-108DAF3D1D6A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:view_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "602512EA-74A4-4102-B27F-873E18278756", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot."}, {"lang": "es", "value": "Los tel\u00e9fonos inteligentes Huawei HUAWEI Y9 2019 y Honor View 20, tienen una vulnerabilidad de denegaci\u00f3n de servicio. Debido a una comprobaci\u00f3n de entrada insuficiente de un valor espec\u00edfico cuando se analizan los mensajes, un atacante puede enviar mensajes TD-SCDMA especialmente dise\u00f1ados desde una estaci\u00f3n base no autorizada hacia los dispositivos afectados para explotar esta vulnerabilidad. La explotaci\u00f3n con \u00e9xito puede causar un bucle infinito y reiniciar el dispositivo."}], "id": "CVE-2019-5260", "lastModified": "2019-12-18T16:35:09.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-13T22:15:11.687", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}