CVE-2019-5307Authentication Bypass by Capture-replay in Huawei P30 Firmware

CWE-294Authentication Bypass by Capture-replay3 documents3 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 91.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P30 FirmwareHuawei P30 PRO Firmware
Timeline
PublishedJun 4
Latest updateMay 24

Description

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tampe

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

NVDhuawei/p30_firmware< ele-al00_9.1.0.162
NVDhuawei/p30_pro_firmware< vog-al00_9.1.0.162

🔴Vulnerability Details

2
GHSA
GHSA-f9r5-w77x-85qf: Some Huawei 4G LTE devices, P30 versions before ELE-AL00 92022-05-24
CVEList
CVE-2019-5307: Some Huawei 4G LTE devices, P30 versions before ELE-AL00 92019-06-04
CVE-2019-5307 — Authentication Bypass by Capture-replay | cvebase