CVE-2019-5307

Published: 04/06/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 4.9 | Exploitability Score: 5.5

CVSS v3 Base Score: 4.2 | Impact Score: 2.5 | Exploitability Score: 1.6

VMScore: 383

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei p30 firmware
huawei p30 pro firmware

Some Huawei 4G LTE devices are exposed to a message replay vulnerability or the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions ...

CWE-294 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en https://nvd.nist.gov https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-5307

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect