PT-2019-17517 · Huawei · Huawei P30+3
Published
2019-11-29
·
Updated
2021-07-21
·
CVE-2019-5227
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei P30 versions prior to ELLE-AL00B 9.1.0.193(C00E190R2P1)
Huawei P30 Pro versions prior to VOGUE-AL00A 9.1.0.193(C00E190R2P1)
Huawei Mate 20 versions prior to Hima-AL00B 9.1.0.135(C00E133R2P1)
Huawei HiSuite versions prior to 9.1.0.305
Description
The issue is related to a version downgrade vulnerability. It occurs because the device and HiSuite software do not validate the upgrade package sufficiently, allowing the system of the smartphone to be downgraded to an older version.
Recommendations
For Huawei P30 versions prior to ELLE-AL00B 9.1.0.193(C00E190R2P1), update to version ELLE-AL00B 9.1.0.193(C00E190R2P1) or later.
For Huawei P30 Pro versions prior to VOGUE-AL00A 9.1.0.193(C00E190R2P1), update to version VOGUE-AL00A 9.1.0.193(C00E190R2P1) or later.
For Huawei Mate 20 versions prior to Hima-AL00B 9.1.0.135(C00E133R2P1), update to version Hima-AL00B 9.1.0.135(C00E133R2P1) or later.
For Huawei HiSuite versions prior to 9.1.0.305, update to version 9.1.0.305 or later.
Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Hisuite
Huawei Mate 20
Huawei P30
Huawei P30 Pro