Version Downgrade Vulnerability in Huawei Smartphones
CVE-2019-5227

5.5MEDIUM

Key Information:

Vendor

Huawei
Status
P30, P30 Pro, Mate 20, Hisuite
Vendor
CVE Published:
29 November 2019

What is CVE-2019-5227?

Certain Huawei smartphones, including the P30, P30 Pro, and Mate 20, along with HiSuite, are susceptible to a version downgrade vulnerability. This occurs due to insufficient validation of upgrade packages, allowing attackers to revert devices to older software versions. Such downgrades could potentially expose the device to previously patched security flaws, compromising user data and system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

P30, P30 Pro, Mate 20, HiSuite Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.