Vulnerabilites related to huawei - hwbackup
CVE-2019-5263 (GCVE-0-2019-5263)
Vulnerability from cvelistv5
Published
2019-11-29 19:20
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Brute Forcing
Summary
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HiSuite, HwBackup |
Version: 9.1.0.305 and earlier versions, 9.1.0.305(MAC) and earlier versions, Earlier versions before 9.1.1.308 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite, HwBackup",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1.0.305 and earlier versions, 9.1.0.305(MAC) and earlier versions, Earlier versions before 9.1.1.308"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Brute Forcing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T19:20:27",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite, HwBackup",
"version": {
"version_data": [
{
"version_value": "9.1.0.305 and earlier versions, 9.1.0.305(MAC) and earlier versions, Earlier versions before 9.1.1.308"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Brute Forcing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5263",
"datePublished": "2019-11-29T19:20:27",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-29 20:15
Modified
2024-11-21 04:44
Severity ?
Summary
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "7D75F234-2669-42CA-A0A1-B098090311C8",
"versionEndIncluding": "9.1.0.305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C441C288-AA09-4D71-A6B2-9CD5301AE6FA",
"versionEndIncluding": "9.1.0.305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hwbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE40AA61-6819-49F0-A027-35ED2F81B89A",
"versionEndIncluding": "9.1.1.308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."
},
{
"lang": "es",
"value": "HiSuite con versiones 9.1.0.305 y anteriores y 9.1.0.305(MAC) y anteriores y HwBackup con versiones anteriores a 9.1.1.308, presentan una vulnerabilidad de datos de copia de seguridad encriptados por fuerza bruta. La informaci\u00f3n de la copia de seguridad del usuario del tel\u00e9fono inteligente Huawei puede ser obtenida mediante fuerza bruta de la contrase\u00f1a para cifrar la copia de seguridad."
}
],
"id": "CVE-2019-5263",
"lastModified": "2024-11-21T04:44:37.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T20:15:12.003",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}