Version Downgrade Vulnerability in Huawei Smartphones and HiSuite Software
CVE-2019-5226

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: P30, P30 Pro, Mate 20, Hisuite
Vendor: CVE Published:; 29 November 2019

What is CVE-2019-5226?

Certain Huawei smartphones, including the P30, P30 Pro, and Mate 20, as well as the HiSuite software, are susceptible to a version downgrade vulnerability. This occurs due to insufficient validation of upgrade packages, allowing the system of the smartphone to be reverted to an earlier, possibly less secure version. Devices running specific software versions are particularly at risk, as they do not adequately check the integrity of the upgrade path, potentially exposing users to older vulnerabilities that may have been patched in subsequent releases.

Affected Version(s)

P30, P30 Pro, Mate 20, HiSuite Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2019
Vulnerability Reserved
Jan 4, 2019