CVE-2019-5284

Опубликовано: 04 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:leland-al00a_firmware:*:*:*:*:*:*:*:*

Версия до leland-al00a_9.1.0.111\(c00e111r2p10t8\) (исключая)

cpe:2.3:h:huawei:leland-al00a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.0017

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fxmq-w9j8-69pv