CVE-2019-5284

{"id": "CVE-2019-5284", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-06-04T19:29:00.413", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)"}, {"lang": "es", "value": "Existe una vulnerabilidad DoS en el m\u00f3dulo RTSP de las versiones de los tel\u00e9fonos inteligentes ( smart phones) Leland-AL00A Huawei anteriores a la versi\u00f3n Leland-AL00A 9.1.0.111 (C00E111R2P10T8). Los atacantes remotos podr\u00edan enga\u00f1ar al usuario para que abra un flujo de medios RTSP con formato incorrecto para aprovechar esta vulnerabilidad. La joperaci\u00f3n con \u00e9xito podr\u00eda causar que el tel\u00e9fono afectado sea anormal, lo que lleva a una condici\u00f3n DoS. (ID de vulnerabilidad: HWPSIRT-2019-02004"}], "lastModified": "2022-04-18T17:15:26.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:leland-al00a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91BC4A32-C36A-4178-B321-A7B35A327272", "versionEndExcluding": "leland-al00a_9.1.0.111\\(c00e111r2p10t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:leland-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93788B36-B3A1-40EF-91DF-BE42A4D2BFAF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}