// For flags

CVE-2019-5227

 

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

Los teléfonos inteligentes P30, P30 Pro, Mate 20 con software de versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), versiones anteriores a VOGUE-AL00A 9.1.0.193(C00E190R2P1), versiones anteriores a Hima-AL00B 9.1.0.135(C00E133R2P1) y HiSuite con versiones anteriores a HiSuite 9.1.0.305, presenta una vulnerabilidad de degradado de versión. El dispositivo y el software HiSuite no comprueban el paquete de actualización lo suficiente, de modo que el sistema del teléfono inteligente puede degradarse a una versión anterior.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-04 CVE Reserved
  • 2019-11-29 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-346: Origin Validation Error
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Huawei
Search vendor "Huawei"
P30 Firmware
Search vendor "Huawei" for product "P30 Firmware"
< elle-al00b_9.1.0.193\(c00e190r2p1\)
Search vendor "Huawei" for product "P30 Firmware" and version " < elle-al00b_9.1.0.193\(c00e190r2p1\)"
-
Affected
in Huawei
Search vendor "Huawei"
P30
Search vendor "Huawei" for product "P30"
--
Safe
Huawei
Search vendor "Huawei"
P30 Pro Firmware
Search vendor "Huawei" for product "P30 Pro Firmware"
< vogue-al00a_9.1.0.193\(c00e190r2p1\)
Search vendor "Huawei" for product "P30 Pro Firmware" and version " < vogue-al00a_9.1.0.193\(c00e190r2p1\)"
-
Affected
in Huawei
Search vendor "Huawei"
P30 Pro
Search vendor "Huawei" for product "P30 Pro"
--
Safe
Huawei
Search vendor "Huawei"
Mate 20 Firmware
Search vendor "Huawei" for product "Mate 20 Firmware"
< hima-al00b_9.1.0.135\(c00e133r2p1\)
Search vendor "Huawei" for product "Mate 20 Firmware" and version " < hima-al00b_9.1.0.135\(c00e133r2p1\)"
-
Affected
in Huawei
Search vendor "Huawei"
Mate 20
Search vendor "Huawei" for product "Mate 20"
--
Safe
Huawei
Search vendor "Huawei"
Hisuite Firmware
Search vendor "Huawei" for product "Hisuite Firmware"
< 9.1.0.305
Search vendor "Huawei" for product "Hisuite Firmware" and version " < 9.1.0.305"
-
Affected
in Huawei
Search vendor "Huawei"
Hisuite
Search vendor "Huawei" for product "Hisuite"
--
Safe