Improper Access Control in Huawei Share Software
CVE-2019-5212

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: P20
Vendor: CVE Published:; 29 November 2019

Summary

An improper access control vulnerability exists in Huawei Share, allowing unauthorized access to specific files when exploited. This is achieved by tricking users into installing a malicious application, which can then establish a connection with the attacker's device through Huawei Share. If successfully exploited, this vulnerability can lead to the disclosure of sensitive information.

Affected Version(s)

P20 Versions earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Versions earlier than Emily-L29C 9.1.0.311(C461E2R1P11T8),Versions earlier than Emily-L29C 9.1.0.311(C605E2R1P12T8), Versions earlier than Emily-L29C 9.1.0.311(C432E7R1P11T8)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2019
Vulnerability Reserved
Jan 4, 2019