PT-2019-17570 · Huawei · Huawei P30+1
Eunkyu Lee
+3
·
Published
2019-06-04
·
Updated
2020-08-24
·
CVE-2019-5307
CVSS v2.0
4.3
Medium
| Vector | AV:A/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)
Huawei P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)
Description
The issue is related to a message replay vulnerability in some Huawei 4G LTE devices. These devices implement a less strict check on the NAS message sequence number, specifically NAS COUNT, for better compatibility. This allows an attacker to construct a rogue base station and replay certain messages, such as the GUTI reallocation command message or the Identity request message, under specific conditions. This can result in tampering with GUTIs or obtaining IMSIs.
Recommendations
For Huawei P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), update to version ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) or later.
For Huawei P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), update to version VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei P30
Huawei P30 Pro