First published: Tue Jun 04 2019
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei P30 Firmware | <ele-al00_9.1.0.162 | |
HUAWEI P30 | | |
Huawei P30 Pro Firmware | <vog-al00_9.1.0.162 | |
HUAWEI P30 Pro | | |
The vulnerability ID is CVE-2019-5307.
Some Huawei 4G LTE devices, specifically P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are affected.
The severity level of CVE-2019-5307 is medium (4.2).
The CWE ID associated with this vulnerability is CWE-294.
To fix this vulnerability, update your Huawei 4G LTE device to at least ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) for P30 versions and VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) for P30 Pro versions.
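
The difference between a strict and a relaxed NAS COUNT check, as an added example that is not Huawei's code. It assumes the standard 24-bit NAS COUNT layout (16-bit overflow counter plus the 8-bit SN carried in the message); the advisory does not say how the affected check was relaxed, so `lax_accept` is a hypothetical variant, all names are illustrative, and NAS-MAC verification is modelled by comparing the estimated COUNT with the COUNT the sender used.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model: only the 8-bit SN of the 24-bit NAS COUNT is on the wire. */
struct nas_msg {
    uint8_t  sn;        /* sequence number carried in the message */
    uint32_t mac_count; /* COUNT the sender protected it with (stands in for NAS-MAC) */
};
struct nas_rx { uint32_t last_count; bool have_last; };
typedef bool (*accept_fn)(struct nas_rx *, const struct nas_msg *);

static void commit(struct nas_rx *rx, uint32_t c) { rx->last_count = c; rx->have_last = true; }

/* Strict: COUNT only moves forward; an SN not above the last one implies a wrap. */
bool strict_accept(struct nas_rx *rx, const struct nas_msg *m)
{
    uint32_t overflow = rx->have_last ? rx->last_count >> 8 : 0;
    if (rx->have_last && m->sn <= (uint8_t)rx->last_count)
        overflow++;
    uint32_t est = (overflow << 8) | m->sn;
    if (est != m->mac_count)   /* models integrity failure under the estimated COUNT */
        return false;
    commit(rx, est);
    return true;
}

/* Hypothetical lax variant: reuses the current overflow value for any SN,
 * so a COUNT at or below the last accepted one still verifies. */
bool lax_accept(struct nas_rx *rx, const struct nas_msg *m)
{
    uint32_t overflow = rx->have_last ? rx->last_count >> 8 : 0;
    uint32_t est = (overflow << 8) | m->sn;
    if (est != m->mac_count)
        return false;
    if (!rx->have_last || est > rx->last_count)
        commit(rx, est);
    return true;
}

/* Deliver COUNT 0,1,2, then replay COUNT 1: 1 = replay accepted, 0 = rejected, -1 = fresh msg failed. */
int replay_verdict(accept_fn accept)
{
    struct nas_rx rx = {0, false};
    const struct nas_msg fresh[3] = {{0, 0}, {1, 1}, {2, 2}};
    for (int i = 0; i < 3; i++)
        if (!accept(&rx, &fresh[i])) return -1;
    return accept(&rx, &fresh[1]) ? 1 : 0;
}
```

With the strict rule the replayed SN is interpreted as belonging to the next overflow period, so the integrity check fails; the lax rule accepts the same message a second time.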